Windows Analysis Report
_.exe

Overview

General Information

Sample name: _.exe (renamed because original name is a hash value)
Original sample name: _
Analysis ID: 1387416
MD5: 56354f6191810e362bf2ae7b3f6e82b4
SHA1: 98260eb9dbec4ef777939937b4ca797ac336e3ff
SHA256: 95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11

Detection

Score: 45
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 18
Range: 0 - 100

Signatures

Contains functionality to infect the boot sector
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Query firmware table information (likely to detect VMs)
Sigma detected: Execution from Suspicious Folder
Tries to delay execution (extensive OutputDebugStringW loop)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
DLL planting / hijacking vulnerabilities found
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • _.exe (PID: 6652 cmdline: C:\Users\user\Desktop\_.exe MD5: 56354F6191810E362BF2AE7B3F6E82B4)
    • avast_free_antivirus_setup_online_x64.exe (PID: 6128 cmdline: "C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83 MD5: 3BA1265F701C2D4A6EDEC89270D18B2F)
      • Instup.exe (PID: 7296 cmdline: "C:\Windows\Temp\asw.c8e10c29a108e125\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83 MD5: CA4A5F3F1AADF421F89C19505055C7A9)
        • instup.exe (PID: 7808 cmdline: "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83 /online_installer MD5: CA4A5F3F1AADF421F89C19505055C7A9)
          • aswOfferTool.exe (PID: 8184 cmdline: "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkGToolbar -elevated MD5: 7367CD4766242EA02249545D42987681)
          • aswOfferTool.exe (PID: 6756 cmdline: "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" /check_secure_browser MD5: 7367CD4766242EA02249545D42987681)
          • aswOfferTool.exe (PID: 6976 cmdline: "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkChrome -elevated MD5: 7367CD4766242EA02249545D42987681)
          • aswOfferTool.exe (PID: 7208 cmdline: "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC MD5: 7367CD4766242EA02249545D42987681)
            • aswOfferTool.exe (PID: 7276 cmdline: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC MD5: 7367CD4766242EA02249545D42987681)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, CommandLine|base64offset|contains: ^r@E+*', Image: C:\Users\Public\Documents\aswOfferTool.exe, NewProcessName: C:\Users\Public\Documents\aswOfferTool.exe, OriginalFileName: C:\Users\Public\Documents\aswOfferTool.exe, ParentCommandLine: "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC, ParentImage: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe, ParentProcessId: 7208, ParentProcessName: aswOfferTool.exe, ProcessCommandLine: "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC, ProcessId: 7276, ProcessName: aswOfferTool.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83, CommandLine: "C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83, CommandLine|base64offset|contains: , Image: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe, NewProcessName: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe, OriginalFileName: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe, ParentCommandLine: C:\Users\user\Desktop\_.exe, ParentImage: C:\Users\user\Desktop\_.exe, ParentProcessId: 6652, ParentProcessName: _.exe, ProcessCommandLine: "C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83, ProcessId: 6128, ProcessName: avast_free_antivirus_setup_online_x64.exe
No Snort rule has matched

Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00308090 CryptDestroyHash,0_2_00308090
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003091F0 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,0_2_003091F0
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00308B60 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,0_2_00308B60
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_0030AE80 CryptDestroyHash,CryptDestroyHash,0_2_0030AE80
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00308FF0 CryptGenRandom,GetLastError,__CxxThrowException@8,0_2_00308FF0
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00308000 CryptDestroyHash,0_2_00308000
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003090E0 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_003090E0
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00309270 CryptHashData,GetLastError,__CxxThrowException@8,0_2_00309270
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003223F0 CryptReleaseContext,0_2_003223F0
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00308C90 CryptReleaseContext,0_2_00308C90
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00308DC0 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,0_2_00308DC0
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeCode function: 7_2_00007FF684DF7190 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,7_2_00007FF684DF7190
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_c407c766-e
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: IPHLPAPI.DLL
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: WINMM.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: WTSAPI32.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: VERSION.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: USERENV.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: C:\Users\Public\Documents\gcapi.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: CRYPTBASE.DLL
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeEXE: C:\Users\Public\Documents\aswOfferTool.exe

Compliance

Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: IPHLPAPI.DLL
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: WINMM.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: WTSAPI32.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: VERSION.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: USERENV.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: C:\Users\Public\Documents\gcapi.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeDLL: CRYPTBASE.DLL
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeEXE: C:\Users\Public\Documents\aswOfferTool.exe
Source: _.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: _.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: _.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000000.1705949961.00007FF6709C1000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdbv source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1663114670.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1663114670.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: _.exe, 00000000.00000000.1640845455.0000000000323000.00000002.00000001.01000000.00000003.sdmp, _.exe, 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmp

Networking

Source: Instup.dll.1.drStatic PE information: Found NDIS imports: FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmCalloutEnum0, FwpmSubLayerDeleteByKey0, FwpmEngineClose0, FwpmFilterEnum0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmEngineOpen0, FwpmProviderDeleteByKey0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmFilterCreateEnumHandle0, FwpmCalloutDeleteByKey0, FwpmFilterDestroyEnumHandle0, FwpmTransactionBegin0, FwpmCalloutDestroyEnumHandle0
Source: instup_x64_ais-a2c.vpx.3.drStatic PE information: Found NDIS imports: FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmCalloutEnum0, FwpmSubLayerDeleteByKey0, FwpmEngineClose0, FwpmFilterEnum0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmEngineOpen0, FwpmProviderDeleteByKey0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmFilterCreateEnumHandle0, FwpmCalloutDeleteByKey0, FwpmFilterDestroyEnumHandle0, FwpmTransactionBegin0, FwpmCalloutDestroyEnumHandle0
Source: asw5b3bde27e96ebf24.tmp.3.drStatic PE information: Found NDIS imports: FwpmSubLayerEnum0, FwpmSubLayerDestroyEnumHandle0, FwpmCalloutEnum0, FwpmSubLayerDeleteByKey0, FwpmEngineClose0, FwpmFilterEnum0, FwpmCalloutCreateEnumHandle0, FwpmTransactionCommit0, FwpmSubLayerCreateEnumHandle0, FwpmFilterDeleteByKey0, FwpmEngineOpen0, FwpmProviderDeleteByKey0, FwpmTransactionAbort0, FwpmFreeMemory0, FwpmFilterCreateEnumHandle0, FwpmCalloutDeleteByKey0, FwpmFilterDestroyEnumHandle0, FwpmTransactionBegin0, FwpmCalloutDestroyEnumHandle0
Source: Joe Sandbox ViewIP Address: 34.117.223.223 34.117.223.223
Source: Joe Sandbox ViewIP Address: 34.160.176.28 34.160.176.28
Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownDNS traffic detected: queries for: v7event.stats.avast.com
Source: unknownHTTP traffic detected: POST /v4/receive/json/70 HTTP/1.1Connection: Keep-AliveContent-Type: application/jsonUser-Agent: Avast SimpleHttp/3.0Content-Length: 602Host: analytics.avcdn.net
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18.u.avcdn.net/vps18
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.avcdn.net/vps18tinyATH%
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vps18tiny.u.avcdn.net/vps18tinyI/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://b8003600.vpsnitrotiny.u.avast.com/vpsnitrotiny.
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs5x.u.avast.com/iavs5x
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs5x.u.avast.com/iavs5x9tinyOL%
Source: Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x8tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9x8tinyh
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.iavs9x.u.avast.com/iavs9xdiff-method
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9tiny.u.avast.com/ivps9tiny0
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9tiny.u.avast.com/ivps9tinytA
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18.u.avcdn.net/vps18
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vps18tiny.u.avcdn.net/vps18tiny8e41bd42
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitro5
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://c3978047.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002277965.0000023063C6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.comirsBaseUrlTracking=Sending
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9tiny.u.avast.com/ivps9tinyaK
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.ivps9x.u.avast.com/ivps9xxp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tiny6
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vps18tiny.u.avcdn.net/vps18tinyp&n
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4305360.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs5x.u.avast.com/iavs5x9tinyG$
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.iavs9x.u.avast.com/iavs9x-xpx$v
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9tiny.u.avast.com/ivps9tinyM
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9x.u.avast.com/ivps9x
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.ivps9x.u.avast.com/ivps9xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18tiny.u.avcdn.net/vps18tiny(
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18tiny.u.avcdn.net/vps18tiny=
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vps18tiny.u.avcdn.net/vps18tinyiately
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://h4444966.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: _.exe, 00000000.00000000.1640845455.0000000000323000.00000002.00000001.01000000.00000003.sdmp, _.exe, 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs5x.u.avast.com/iavs5x9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9x-xpQD
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.iavs9x.u.avast.com/iavs9xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9tiny.u.avast.com/ivps9tinygD
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18.u.avcdn.net/vps18
Source: Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tiny9E7
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tinyH%
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vps18tiny.u.avcdn.net/vps18tinya-256
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitro.u.avast.com/vpsnitro8
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://j0294597.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://keys.backup.norton.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://keys.backup.norton.comLO.3120accountkeysCCT
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs9x.u.avast.com/iavs9x9tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.iavs9x.u.avast.com/iavs9xract-type
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.ivps9tiny.u.avast.com/ivps9tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://l2983942.ivps9tiny.u.avast.com/ivps9tinyLt(
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n2833777.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000002.3501019475.000001F95D94B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9xcgijL
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.iavs9x.u.avast.com/iavs9xcgiy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.ivps9x.u.avast.com/ivps9xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18.u.avcdn.net/vps18
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18tiny.u.avcdn.net/vps18tinyile_orde
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vps18tiny.u.avcdn.net/vps18tinyp(n
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n4291289.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs5x.u.avast.com/iavs5xtroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs9x.u.avast.com/iavs9x-xp
Source: Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.iavs9x.u.avast.com/iavs9x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.ivps9x.u.avast.com/ivps9x
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.ivps9x.u.avast.com/ivps9xcgi
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vps18tiny.u.avcdn.net/vps18tinyK
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vpsnitro.u.avast.com/vpsnitro
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vpsnitro.u.avast.com/vpsnitro.A
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8283613.vpsnitrotiny.u.avast.com/vpsnitrotiny56
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1665436949.000002306135F000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1665720159.000002306136D000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1665516496.0000023061362000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1665607280.0000023061368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.ad
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 
00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.iavs5x.u.avast.com/iavs5x
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p1043812.iavs5x.u.avast.com/iavs5x8tinybI
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.ivps9x.u.avast.com/ivps9x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18.u.avcdn.net/vps18
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vps18tiny.u.avcdn.net/vps18tinyb_dns.si
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitro.u.avast.com/vpsnitro
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitro.u.avast.com/vpsnitroy
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r4427608.vpsnitrotiny.u.avast.com/vpsnitrotinyvpx
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x-xpWX
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x-xpny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x7985433738
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9x8tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.iavs9x.u.avast.com/iavs9xtro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.ivps9tiny.u.avast.com/ivps9tiny/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.ivps9x.u.avast.com/ivps9xxp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18tiny.u.avcdn.net/vps18tiny.sig
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18tiny.u.avcdn.net/vps18tiny:Z
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18tiny.u.avcdn.net/vps18tiny=
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vps18tiny.u.avcdn.net/vps18tinyWQ
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r6726306.vpsnitrotiny.u.avast.com/vpsnitrotinypx
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.iavs5x.u.avast.com/iavs5x
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.iavs5x.u.avast.com/iavs5xtroy0
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.iavs9x.u.avast.com/iavs9x-xp
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.ivps9tiny.u.avast.com/ivps9tinyy-w
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.vps18tiny.u.avcdn.net/vps18tinyWX
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.vps18tiny.u.avcdn.net/vps18tinyhod
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://r9319236.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.iavs5x.u.avast.com/iavs5x
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.iavs5x.u.avast.com/iavs5x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.iavs9x.u.avast.com/iavs9x-xpny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.iavs9x.u.avast.com/iavs9xcgi
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.iavs9x.u.avast.com/iavs9xiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.ivps9tiny.u.avast.com/ivps9tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.ivps9tiny.u.avast.com/ivps9tiny(4F
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1843811.vps18tiny.u.avcdn.net/vps18tinyile
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1688915647.000002305EB06000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect?aiid=mmm_ava_tst_007_402_a&an=Free&av=24.1.8821&cd=stub-exte
Source: _.exe, 00000000.00000002.3500899768.0000000004FBE000.00000004.00000020.00020000.00000000.sdmp, _.exe, 00000000.00000003.2263917306.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp, _.exe, 00000000.00000003.2264355465.0000000004FBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collectC
Source: _.exe, 00000000.00000003.1645672093.0000000004F41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com:80/collect
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/intl/%s/toolbar/ie/partnereula.html
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x9
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x9tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.iavs9x.u.avast.com/iavs9x~4l
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.v
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vps18.u.avcdn.net/vps18
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vps18tiny.u.avcdn.net/vps18tiny
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vps18tiny.u.avcdn.net/vps18tinyX7
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y8002308.vtro.
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs5x.u.avast.com/iavs5x
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs5x.u.avast.com/iavs5x8tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9x8tinyAC/
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9xcgi
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.iavs9x.u.avast.com/iavs9xly
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.ivps9tiny.u.avast.com/ivps9tiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.ivps9x.u.avast.com/ivps9x
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.ivps9x.u.avast.com/ivps9x9tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.ivps9x.u.avast.com/ivps9xtro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vps18.u.avcdn.net/vps18
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vps18tiny.u.avcdn.net/vps18tiny9c39fa5f
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vps18tiny.u.avcdn.net/vps18tinyvB
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vpsnitro.u.avast.com/vpsnitro
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vpsnitro.u.avast.com/vpsnitroLB(
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vpsnitro.u.avast.com/vpsnitroy$.
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://y9830512.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs5x.u.avast.com/iavs5x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9x-xp
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9x-xpQv
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9x9c55ca4d0b557987063f
Source: Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9xcgiC7
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.iavs9x.u.avast.com/iavs9xtro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.ivps9tiny.u.avast.com/ivps9tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.ivps9tiny.u.avast.com/ivps9tinynv
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.ivps9x.u.avast.com/ivps9x
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vps18.u.avcdn.net/vps18
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vps18tiny.u.avcdn.net/vps18tiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vps18tiny.u.avcdn.net/vps18tiny9w7
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vpsnitro.u.avast.com/vpsnitro
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://z4055813.vpsnitrotiny.u.avast.com/vpsnitrotiny
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiiny6
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiinyadcb2a702e6d6
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiinyition
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiinylete_path_
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiinyondition
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiinyvpx
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgikg
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgiondition
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://v7.stats.avast.com/cgi-bin/iavs4stats.cgit
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAC8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499943163.000002305EAD0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689043034.000002305EAC8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2292946492.000002305EACB000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2292841887.000002305EAC8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/
Source: Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsev
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi-list
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi64
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002670678.000002305EAF1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1692162873.000002305EAF1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3500158470.000002305EAF1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689043034.000002305EAF1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiBh
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiReport.exe~
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgifertool_x6N
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgime=
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgin
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgipdateSetup
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgipx
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgivpx
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgix64_ais
Source: instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com/cgi-bin/iavsevents.cgiype
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689043034.000002305EAC2000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003550363.000002305EAB5000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499765173.000002305EAB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v7event.stats.avast.com:443/cgi-bin/iavsevents.cgi
Source: Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://viruslab-samples.sb.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://winqual.sb.avast.com
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://winqual.sb.avast.comStreamback
Source: Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://winqual.sb.avast.comhttps://hns-legacy.sb.avast.comhttps://submit.sb.avast.comhttps://virusl
Source: Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.avast.com/vendor
Source: Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.avast.com/vpn-territory
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.avg.com/license-retrievaloption:currentpage_titleinvalid_valuepopup
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/%s/chrome/browser/privacy/eula_text.htmlhttps://www.google.com/chrome/br
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/intl/%s/policies/terms/p
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: 7_2_00007FFDF8258AF0 OpenClipboard,GlobalAlloc,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalLock,GlobalUnlock,SetClipboardData,SetClipboardData,CloseClipboard
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: 7_2_00007FFDF8258570 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,RegisterClipboardFormatW,SetClipboardData,CloseClipboard
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: 7_2_00007FFDF80BE890 KillTimer,GetAsyncKeyState,GetDoubleClickTime,SetTimer,GetAsyncKeyState,KillTimer,KillTimer,GetCursorPos,WindowFromPoint,ScreenToClient,KillTimer,KillTimer,GetCursorPos,ScreenToClient,GetAsyncKeyState
Source: C:\Users\user\Desktop\_.exe Code function: 0_2_0030C2A0: GetSystemDirectoryW,GetLastError,GetVolumePathNameW,GetLastError,GetVolumeNameForVolumeMountPointW,GetLastError,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: String function: 00007FFDF831F6C0 appears 44 times
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: String function: 00007FFDF82996BC appears 32 times
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: String function: 00007FF684C966D0 appears 114 times
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: String function: 00007FFDF835E900 appears 47 times
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: String function: 00007FFDF81F6E70 appears 31 times
Source: Instup.dll.1.dr Static PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
Source: Instup.dll.1.dr Static PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
Source: Instup.dll.1.dr Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: Instup.dll.1.dr Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: Instup.dll.1.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: instup_x64_ais-a2c.vpx.3.dr Static PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
Source: instup_x64_ais-a2c.vpx.3.dr Static PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
Source: instup_x64_ais-a2c.vpx.3.dr Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: instup_x64_ais-a2c.vpx.3.dr Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: instup_x64_ais-a2c.vpx.3.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: offertool_x64_ais-a2c.vpx.3.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: asw5b3bde27e96ebf24.tmp.3.dr Static PE information: Resource name: FILE type: PE32 executable (console) Intel 80386, for MS Windows
Source: asw5b3bde27e96ebf24.tmp.3.dr Static PE information: Resource name: FILE type: PE32+ executable (GUI) x86-64, for MS Windows
Source: asw5b3bde27e96ebf24.tmp.3.dr Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: asw5b3bde27e96ebf24.tmp.3.dr Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: asw5b3bde27e96ebf24.tmp.3.dr Static PE information: Resource name: RT_STRING type: COM executable for DOS
Source: aswa0dfcb5ba1c40253.tmp.3.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: aswOfferTool.exe.11.dr Static PE information: Resource name: FILE type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
Source: _.exe, 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamemicrostub.exe, vs _.exe
Source: C:\Users\user\Desktop\_.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\_.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: instup.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: instup.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: wscapi.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: wtsapi32.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: userenv.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: version.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: winmm.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: wldp.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeSection loaded: ntmarta.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeSection loaded: wtsapi32.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeSection loaded: userenv.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeSection loaded: iphlpapi.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeSection loaded: cryptbase.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeSection loaded: version.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeSection loaded: winmm.dll
Source: C:\Users\Public\Documents\aswOfferTool.exeSection loaded: kernel.appcore.dll
Source: _.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal45.troj.evad.winEXE@16/62@84/2
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003052D0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateThread,FindCloseChangeNotification,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00301930 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GlobalFree,CoInitializeEx,CoCreateInstance,GetDC,CreateDIBSection,ReleaseDC,DeleteObject,0_2_00301930
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003038A0 CreateFileMappingW,GetLastError,MapViewOfFile,GetLastError,FindResourceW,LoadResource,wsprintfW,GetLastError,UnmapViewOfFile,CloseHandle,SetLastError,0_2_003038A0
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeFile created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeMutant created: NULL
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Asw_8ceee24b034b72bcb4dffdc5f5071361
Source: C:\Users\user\Desktop\_.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Users\user\Desktop\_.exeFile created: C:\Windows\Temp\asw.75bd35e031d85f83Jump to behavior
Source: C:\Users\user\Desktop\_.exeCommand line argument: /silent0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: /cookie0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: /ppi_icd0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: /cust_ini0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: Enabled0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: ProxySettings0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: ProxyType0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: ProxySettings0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: Port0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: ProxySettings0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: User0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: ProxySettings0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: Password0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: ProxySettings0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: Properties0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: /smbupd0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: enable0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: mirror0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: count0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: servers0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: urlpgm0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: server00_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: http://0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: https://0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: allow_fallback0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: mirror0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: installer.exe0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: {versionSwitch}0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: stable0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: %s\%s0_2_003052D0
Source: C:\Users\user\Desktop\_.exeCommand line argument: X>20_2_003052D0
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeCommand line argument: .`p8_2_00705F80
Source: C:\Users\Public\Documents\aswOfferTool.exeCommand line argument: .`:13_2_003A5F80
Source: _.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile read: C:\Windows\Temp\asw.c8e10c29a108e125\aswfa27b6e3aa1fb2fa.ini
Source: C:\Users\user\Desktop\_.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: instup.exeString found in binary or memory: <!--StartFragment-->
Source: instup.exeString found in binary or memory: animation-start!
Source: unknownProcess created: C:\Users\user\Desktop\_.exe C:\Users\user\Desktop\_.exe
Source: C:\Users\user\Desktop\_.exeProcess created: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe "C:\Windows\Temp\asw.c8e10c29a108e125\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83 /online_installer
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkGToolbar -elevated
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" /check_secure_browser
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkChrome -elevated
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeProcess created: C:\Users\Public\Documents\aswOfferTool.exe "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
Source: C:\Users\user\Desktop\_.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{389EA17B-5078-4CDE-B6EF-25C15175C751}\InProcServer32
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile written: C:\Windows\Temp\asw.c8e10c29a108e125\aswfa27b6e3aa1fb2fa.ini
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: _.exeStatic PE information: certificate valid
Source: _.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: _.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: _.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: _.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: _.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: _.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: _.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Sbr.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\InstCont.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000000.1705949961.00007FF6709C1000.00000002.00000001.01000000.0000000D.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdbv source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1663114670.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\gcapi_dll.dll.pdb source: Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb source: Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\HTMLayout.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\SfxInst.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000000.1663114670.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: MsiZap.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\Instup.pdb source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\avDump.pdb source: Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\avDump.pdb source: Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: _.exe, 00000000.00000000.1640845455.0000000000323000.00000002.00000001.01000000.00000003.sdmp, _.exe, 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\AvBugReport.pdb source: Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmp
Source: _.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: _.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: _.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: _.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: _.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003021A0 KillTimer,InterlockedExchange,DefWindowProcW,GetModuleHandleW,GetProcAddress,GetVersionExW,SetTimer,DefWindowProcW,SetTimer,DefWindowProcW,LoadLibraryW,GetProcAddress,FreeLibrary,SetTimer,DefWindowProcW,DefWindowProcW,InvalidateRect,DefWindowProcW,ShutdownBlockReasonCreate,ShutdownBlockReasonCreate,0_2_003021A0
Source: _.exeStatic PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.drStatic PE information: section name: .didat
Source: avast_free_antivirus_setup_online_x64.exe.0.drStatic PE information: section name: _RDATA
Source: HTMLayout.dll.1.drStatic PE information: section name: _RDATA
Source: Instup.dll.1.drStatic PE information: section name: .didat
Source: Instup.dll.1.drStatic PE information: section name: _RDATA
Source: Instup.exe.1.drStatic PE information: section name: _RDATA
Source: aswe2952a0845919908.tmp.3.drStatic PE information: section name: _RDATA
Source: avbugreport_x64_ais-a2c.vpx.3.drStatic PE information: section name: _RDATA
Source: avdump_x64_ais-a2c.vpx.3.drStatic PE information: section name: .didat
Source: avdump_x64_ais-a2c.vpx.3.drStatic PE information: section name: _RDATA
Source: avdump_x86_ais-a2c.vpx.3.drStatic PE information: section name: .didat
Source: instcont_x64_ais-a2c.vpx.3.drStatic PE information: section name: _RDATA
Source: instup_x64_ais-a2c.vpx.3.drStatic PE information: section name: .didat
Source: instup_x64_ais-a2c.vpx.3.drStatic PE information: section name: _RDATA
Source: setgui_x64_ais-a2c.vpx.3.drStatic PE information: section name: _RDATA
Source: asw0237362d67824d4a.tmp.3.drStatic PE information: section name: _RDATA
Source: asw444163db9114c94a.tmp.3.drStatic PE information: section name: .didat
Source: asw444163db9114c94a.tmp.3.drStatic PE information: section name: _RDATA
Source: aswf6bcaec66cdfba35.tmp.3.drStatic PE information: section name: _RDATA
Source: asw5b3bde27e96ebf24.tmp.3.drStatic PE information: section name: .didat
Source: asw5b3bde27e96ebf24.tmp.3.drStatic PE information: section name: _RDATA
Source: gcapi.dll.10.drStatic PE information: section name: .00cfg
Source: gcapi.dll.10.drStatic PE information: section name: .voltbl
Source: gcapi.dll.10.drStatic PE information: section name: malloc_h
Source: gcapi.dll.13.drStatic PE information: section name: .00cfg
Source: gcapi.dll.13.drStatic PE information: section name: .voltbl
Source: gcapi.dll.13.drStatic PE information: section name: malloc_h
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00311126 push ecx; ret 0_2_00311139
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeCode function: 7_2_00007FF684CAFD47 push rax; retf 0019h7_2_00007FF684CAFD4D
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeCode function: 8_2_0060A5D2 push edi; iretd 8_2_0060A5D6
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeCode function: 8_2_0060B2D9 push eax; retn 0000h8_2_0060B2DD
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeCode function: 8_2_006D37F4 push ecx; ret 8_2_006D3807
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 13_2_002AA5D2 push edi; iretd 13_2_002AA5D6
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 13_2_003737F4 push ecx; ret 13_2_00373807

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\_.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u0_2_00309EA0
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswa9aa3d9a98bba04a.tmp
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\asw0237362d67824d4a.tmp
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswf6bcaec66cdfba35.tmp
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeFile created: C:\Users\Public\Documents\aswOfferTool.exe
Source: C:\Users\user\Desktop\_.exeFile created: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\HTMLayout.dll (copy)
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswe2952a0845919908.tmp
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\AvBugReport.exe (copy)
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\avdump_x64_ais-a2c.vpx
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\asw444163db9114c94a.tmp
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\sbr_x64_ais-a2c.vpx
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\AvDump.exe (copy)
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswa0dfcb5ba1c40253.tmp
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\instup_x64_ais-a2c.vpx
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\avdump_x86_ais-a2c.vpx
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe (copy)
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\sbr.exe (copy)
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\gcapi.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe (copy)
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\setgui_x64_ais-a2c.vpx
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\asw5b3bde27e96ebf24.tmp
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\instcont_x64_ais-a2c.vpx
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\uat64.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.dll (copy)
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\HTMLayout.dll
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\offertool_x64_ais-a2c.vpx
Source: C:\Users\Public\Documents\aswOfferTool.exeFile created: C:\Users\Public\Documents\gcapi.dll
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\avbugreport_x64_ais-a2c.vpx
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswf6bcaec66cdfba35.tmpJump to dropped file
Source: C:\Users\user\Desktop\_.exeFile created: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeFile created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\HTMLayout.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003052D0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateThread,FindCloseChangeNotification,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,0_2_003052D0

Boot Survival

Source: C:\Users\user\Desktop\_.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u0_2_00309EA0
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgrJump to behavior
Source: C:\Users\user\Desktop\_.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\_.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\_.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeSection loaded: OutputDebugStringW count: 140
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeSection loaded: OutputDebugStringW count: 121
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeCode function: 7_2_00007FF684DF8F90 rdtsc 7_2_00007FF684DF8F90
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswa9aa3d9a98bba04a.tmpJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\asw0237362d67824d4a.tmpJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\AvDump.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\instup_x64_ais-a2c.vpxJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\avdump_x86_ais-a2c.vpxJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\sbr.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\HTMLayout.dll (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\setgui_x64_ais-a2c.vpxJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\asw5b3bde27e96ebf24.tmpJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\uat64.dllJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswe2952a0845919908.tmpJump to dropped file
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\HTMLayout.dllJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\AvBugReport.exe (copy)Jump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\avdump_x64_ais-a2c.vpxJump to dropped file
Source: C:\Users\Public\Documents\aswOfferTool.exeDropped PE file which has not been started: C:\Users\Public\Documents\gcapi.dllJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\asw444163db9114c94a.tmpJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\avbugreport_x64_ais-a2c.vpxJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeDropped PE file which has not been started: C:\Windows\Temp\asw.c8e10c29a108e125\sbr_x64_ais-a2c.vpxJump to dropped file
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeAPI coverage: 8.5 %
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeAPI coverage: 8.0 %
Source: C:\Users\Public\Documents\aswOfferTool.exeAPI coverage: 9.7 %
Source: C:\Users\user\Desktop\_.exe TID: 5752Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe TID: 7216Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe TID: 7348Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe TID: 7848Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\_.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_0030770C VirtualQuery,GetSystemInfo,0_2_0030770C
Source: _.exe, 00000000.00000003.2264158977.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp, _.exe, 00000000.00000003.1645672093.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp, _.exe, 00000000.00000002.3499944380.0000000004F5F000.00000004.00000020.00020000.00000000.sdmp, _.exe, 00000000.00000003.2264432008.0000000004F5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWindowClass
Source: _.exe, 00000000.00000002.3499427047.0000000004EE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP_
Source: _.exe, 00000000.00000003.1645672093.0000000004FB2000.00000004.00000020.00020000.00000000.sdmp, _.exe, 00000000.00000002.3500899768.0000000004FBE000.00000004.00000020.00020000.00000000.sdmp, _.exe, 00000000.00000003.2263917306.0000000004FB1000.00000004.00000020.00020000.00000000.sdmp, _.exe, 00000000.00000003.2264355465.0000000004FBD000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAC8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499943163.000002305EAD0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003572868.0000023063C12000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689043034.000002305EAC8000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2292946492.000002305EACB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003550363.000002305EAB5000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW#
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00314206 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00314206
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeCode function: 7_2_00007FF684E4D66C GetLastError,IsDebuggerPresent,OutputDebugStringW,7_2_00007FF684E4D66C
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003021A0 KillTimer,InterlockedExchange,DefWindowProcW,GetModuleHandleW,GetProcAddress,GetVersionExW,SetTimer,DefWindowProcW,SetTimer,DefWindowProcW,LoadLibraryW,GetProcAddress,FreeLibrary,SetTimer,DefWindowProcW,DefWindowProcW,InvalidateRect,DefWindowProcW,ShutdownBlockReasonCreate,ShutdownBlockReasonCreate,0_2_003021A0
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_003179EA mov eax, dword ptr fs:[00000030h]0_2_003179EA
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeCode function: 8_2_006F39F2 mov ecx, dword ptr fs:[00000030h]8_2_006F39F2
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeCode function: 8_2_006FB660 mov eax, dword ptr fs:[00000030h]8_2_006FB660
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 13_2_003939F2 mov ecx, dword ptr fs:[00000030h]13_2_003939F2
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 13_2_0039B660 mov eax, dword ptr fs:[00000030h]13_2_0039B660
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00302790 GetLastError,GetLastError,GetLastError,GetFileSizeEx,wsprintfW,SetFilePointerEx,SetEndOfFile,GetLastError,InterlockedExchange,GetProcessHeap,RtlAllocateHeap,WriteFile,InterlockedExchangeAdd,GetLastError,SetFilePointerEx,SetEndOfFile,GetLastError,GetProcessHeap,RtlFreeHeap,GetLastError,SetLastError,0_2_00302790
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00311022 SetUnhandledExceptionFilter,0_2_00311022
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_0031113B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0031113B
Source: C:\Users\user\Desktop\_.exeCode function: 0_2_00310E8F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00310E8F
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF6C79796DC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6C79796DC
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF6C7979214 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF6C7979214
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeCode function: 1_2_00007FF6C7988770 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF6C7988770
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeCode function: 7_2_00007FF684E4CD3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FF684E4CD3C
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeCode function: 7_2_00007FF684E61844 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FF684E61844
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeCode function: 7_2_00007FFDF8374B74 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00007FFDF8374B74
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exeCode function: 7_2_00007FFDF83341F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_00007FFDF83341F8
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeCode function: 8_2_006D290E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_006D290E
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exeCode function: 8_2_006DEED0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_006DEED0
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 13_2_0037290E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_0037290E
Source: C:\Users\Public\Documents\aswOfferTool.exeCode function: 13_2_0037EED0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_0037EED0
Source: C:\Users\user\Desktop\_.exeProcess created: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe "C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83Jump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe "C:\Windows\Temp\asw.c8e10c29a108e125\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83Jump to behavior
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe "C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83 /online_installerJump to behavior
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe "c:\windows\temp\asw.c8e10c29a108e125\instup.exe" /sfx:lite /sfxstorage:c:\windows\temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:c:\windows\temp\asw.75bd35e031d85f83
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exeProcess created: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe "c:\windows\temp\asw.c8e10c29a108e125\new_180117d3\instup.exe" /sfx /sfxstorage:c:\windows\temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /edat_dir:c:\windows\temp\asw.75bd35e031d85f83 /online_installer
Source: avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: MonitorFromWindowUSER32.DLLWorkerWProgmanGetMonitorInfoW%s KERNEL32.DLL
Source: C:\Users\user\Desktop\_.exe Code function: 0_2_003112CD cpuid 0_2_003112CD
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: GetLocaleInfoW,7_2_00007FF684E73DB0
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_00007FF684E79D64
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: EnumSystemLocalesW,7_2_00007FF684E79678
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: EnumSystemLocalesW,7_2_00007FF684E79748
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: EnumSystemLocalesW,7_2_00007FF684E738D4
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,7_2_00007FF684E79328
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_00007FF684E79B88
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: GetLocaleInfoW,7_2_00007FFDF837E968
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Code function: GetLocaleInfoA,LeaveCriticalSection,7_2_00007FFDF80B7E67
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe Code function: GetLocaleInfoW,8_2_006FAE5A
Source: C:\Users\Public\Documents\aswOfferTool.exe Code function: GetLocaleInfoW,13_2_0039AE5A
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe Queries volume information: C:\Windows\Temp\asw.c8e10c29a108e125\servers.def.vpx VolumeInformation
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log VolumeInformation
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Queries volume information: C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\_.exe Code function: 0_2_00304190 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,0_2_00304190
Source: C:\Users\user\Desktop\_.exe Code function: 0_2_0030B910 GetVersion,GetModuleHandleW,GetProcAddress,GetSystemFirmwareTable,GetSystemFirmwareTable,GetModuleHandleW,GetProcAddress,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,UnmapViewOfFile,0_2_0030B910
Source: C:\Users\user\Desktop\_.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 Network Sniffing | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | 2 DLL Search Order Hijacking | 2 DLL Search Order Hijacking | 2 Obfuscated Files or Information | 11 Input Capture | 2 File and Directory Discovery | Remote Desktop Protocol | 11 Input Capture | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 1 Windows Service | 1 DLL Side-Loading | Security Account Manager | 1 Network Sniffing | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Bootkit | 12 Process Injection | 2 DLL Search Order Hijacking | NTDS | 56 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 23 Virtualization/Sandbox Evasion | Cached Domain Credentials | 161 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Process Injection | DCSync | 23 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Bootkit | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph. ID: 1387416; Sample: _.exe; Start date: 06/02/2024; Architecture: WINDOWS; Score: 45. Process chain shown: _.exe -> avast_free_antivirus_setup_online_x64.exe -> Instup.exe -> instup.exe -> aswOfferTool.exe]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| _.exe | 3% | ReversingLabs | | |
| _.exe | 3% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\Public\Documents\gcapi.dll | 0% | ReversingLabs | | |
| C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\gcapi.dll | 0% | ReversingLabs | | |

No Antivirus matches

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe | |
| http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe | |
| http://www.avast.com0/ | 0% | URL Reputation | safe | |
| http://y8002308.vtro. | 0% | Avira URL Cloud | safe | |
| http://https://:allow_fallback/installer.exe | 0% | Avira URL Cloud | safe | |
| http://www.founder.com.cn/cn/bThe | 0% | Avira URL Cloud | safe | |
| https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exe | 0% | Virustotal | | Browse |
| http://keys.backup.norton.comLO.3120accountkeysCCT | 0% | Avira URL Cloud | safe | |
| https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exe | 0% | Avira URL Cloud | safe | |
| http://www.founder.com.cn/cn/bThe | 0% | Virustotal | | Browse |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://shepherd.ff.avast.com/ | false | | high |
                                                                                                              high
                                                                                                              http://l2983942.vpsnitro.u.avast.com/vpsnitroEt3instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://y9830512.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://p9854759.vpsnitrotiny.u.avast.com/vpsnitrotinyef&instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://n2833777.ivps9tiny.u.avast.com/ivps9tinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://submit5.avast.com/cgi-bin/submit50.cgi/Dinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.google.com/intl/%s/toolbar/ie/partnereula.htmlavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://submit5.avast.com/cgi-bin/submit50.cgiyInstup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://cdn-av-download.avastbrowser.com/avast_secure_browser_setup.exeavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002277965.0000023063C6D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • 0%, Virustotal, Browse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://r0965026.ivps9x.u.avast.com/ivps9xUInstup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://w5805295.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://w5805295.vpsnitro.u.avast.com/vpsnitro;H1instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://l2983942.iavs9x.u.avast.com/iavs9x9tinyinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://d3176133.vps18tiny.u.avcdn.net/vps18tinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002451449.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2293105568.000002305EAAA000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.3003730201.000002305EAB0000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3499650768.000002305EAB1000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1689159627.000002305EAAC000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://c3978047.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://s1843811.vpsnitrotiny.u.avast.com/vpsnitrotinyavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://pair.ff.avast.comavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002277965.0000023063C6D000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://p9854759.vps18tiny.u.avcdn.net/vps18tinyinitionsxinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://n8283613.iavs5x.u.avast.com/iavs5xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://r4427608.vps18tiny.u.avcdn.net/vps18tinyinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://y8002308.vps18.u.avcdn.net/vps18avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://https://:allow_fallback/installer.exe_.exe, 00000000.00000000.1640845455.0000000000323000.00000002.00000001.01000000.00000003.sdmp, _.exe, 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    low
                                                                                                                                                    http://submit.sb.avast.com/V1/PD/avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002277965.0000023063C6D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://submit5.avast.com/cgi-bin/submit50.cgiYinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://n8283613.vpsnitro.u.avast.com/vpsnitroavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://l4691727.vps18tiny.u.avcdn.net/vps18tiny/prod-vps.vpxinstup.exe, 00000007.00000002.3505497199.000001CD53145000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://z4055813.iavs9x.u.avast.com/iavs9xtroinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgibinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgieinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://y9830512.ivps9x.u.avast.com/ivps9xtroinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://f3461309.ivps9x.u.avast.com/ivps9xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://keys.backup.norton.comavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064ACE000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F961C38000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://v7.stats.avast.com/cgi-bin/iavs4stats.cgi.cgioninstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://j0294597.vps18tiny.u.avcdn.net/vps18tinyInstup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://www.founder.com.cn/cn/bTheavast_free_antivirus_setup_online_x64.exe, 00000001.00000002.3503461107.0000023062652000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            • 0%, Virustotal, Browse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            http://h4444966.vpsnitro.u.avast.com/vpsnitroavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819552606.000001F960830000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1907173596.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872097070.000001F960831000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819529091.000001F960826000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://submit5.avast.com/cgi-bin/submit50.cgiVLinstup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://f3461309.iavs9x.u.avast.com/iavs9xavast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1685805169.0000023063BE0000.00000004.00000800.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.2002248143.0000023063C80000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1819488711.000001F960880000.00000004.00000020.00020000.00000000.sdmp, instup.exe, 00000007.00000002.3506293170.000001CD53537000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://www.avast.com0/avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1702962057.0000023064F78000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1694875219.0000023063CFF000.00000004.00000020.00020000.00000000.sdmp, avast_free_antivirus_setup_online_x64.exe, 00000001.00000003.1696109190.0000023065790000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1803436052.000001F960A3B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1897202580.000001F961231000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1895754949.000001F9613A7000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908801309.000001F960880000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899228990.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1898253785.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1904815403.000001F9620E2000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906847354.000001F960893000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1908480285.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1872751591.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1789751228.000001F960A3F000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1899628116.000001F96123C000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1820543746.000001F96123E000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1906712691.000001F960A31000.00000004.00000020.00020000.00000000.sdmp, 
Instup.exe, 00000003.00000003.1907823944.000001F96123B000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1910050844.000001F961235000.00000004.00000020.00020000.00000000.sdmp, Instup.exe, 00000003.00000003.1774291249.000001F960BAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • URL Reputation: safe
IP | Domain | Country | ASN | ASN Name | Malicious
34.117.223.223 | analytics-prod-gcp.ff.avast.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
34.160.176.28 | shepherd-gcp.ff.avast.com | United States | 2686 | ATGS-MMD-ASUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1387416
Start date and time: 2024-02-06 10:54:18 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 35s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: _.exe
renamed because original name is a hash value
Original Sample Name: _
Detection: MAL
Classification: mal45.troj.evad.winEXE@16/62@84/2
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 172.253.124.138, 172.253.124.101, 172.253.124.139, 172.253.124.113, 172.253.124.102, 172.253.124.100, 96.7.225.211, 96.7.225.187, 2.22.89.11, 2.22.89.28, 23.35.209.5, 2.22.89.30, 2.22.89.22, 142.251.15.97
                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): u4.avcdn.net.edgesuite.net, fs.microsoft.com, slscr.update.microsoft.com, e9229.dscd.akamaiedge.net, ctldl.windowsupdate.com, a117.dscd.akamai.net, iavs9x4.u.avcdn.net.edgesuite.net, fe3cr.delivery.mp.microsoft.com, a27.dscd.akamai.net, ssl.google-analytics.com, fallbackupdates.avcdn.net.edgekey.net, ocsp.digicert.com, www.google-analytics.com
                                                                                                                                                                                                                                        • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                        No simulations
                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                          74954a0c86284d0d6e1c4efefe92b521SecuriteInfo.com.Trojan.KillProc2.18834.21003.25927.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          SecuriteInfo.com.Trojan.KillProc2.18834.21003.25927.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          $RVQLQNQ.crdownloadGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          https://fst.oiu.edu.sd/1xz/?69423981Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          https://motoclubefaro.com/bbe/?47174881Get hashmaliciousPikaBotBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          Patch_JB_2023.x.x.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          Patch_JB_2023.x.x.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          a0e9f5d64349fb13191bc781f81f42e1Swift_Advice.bat.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          New_Order.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          ZeUE9dWOD2.exeGet hashmaliciousAmadey, SmokeLoaderBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          PRODUCT.batGet hashmaliciousAveMaria, DBatLoader, UACMeBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          PO4540542295GTS-EE-9507-QTN-9507-232.batGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          MdO7pWHaxQ.exeGet hashmaliciousLummaC, Amadey, Fabookie, Glupteba, LummaC Stealer, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          YoECnoo0ah.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          6XftWVqBgl.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
                                                                                                                                                                                                                                                          https://docs.google.com/presentation/d/e/2PACX-1vSH4lM7eQkU2av073dET-ylOnpWK7x2UsSsoo1EBJFZ3Jc3jlG3kq60tNbeKZ3zuoY3RyYhb8SjGR9o/pub?start=false&loop=false&delayms=3000&slide=id.pGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                          • 34.160.176.28
Match: C:\Users\Public\Documents\gcapi.dll
Associated Sample Name / URL    Detection    Threat Name
Microstub.exe                   malicious    Unknown
Microstub.exe                   malicious    Unknown
ATT00001.htm                    malicious    Unknown
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (503), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                                Size (bytes):50116
                                                                                                                                                                                                                                                                Entropy (8bit):5.209529637708983
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:P4NZyCte24rxjNfqdjQS5jRjNjojLj7jQtjq7jrQHIHqahE86jN4Z81j8Hn:64rxxfqdplZ8nXstEPQHMqHHoH
                                                                                                                                                                                                                                                                MD5:0F44F9C03D9306273C1C8DEDBBB0276B
                                                                                                                                                                                                                                                                SHA1:E2B8316B5438C9E3C183B21E7D1BDF10C4DBBDD1
                                                                                                                                                                                                                                                                SHA-256:E93B00E846416594DDC6E8BEA4ADFC5EA7EE1B85624F9C6D105345821208B87E
                                                                                                                                                                                                                                                                SHA-512:A6DCC7CF03179A7FD8B44508365C7A626E5E5CBBA2DDDB023CA15B726AC64F8B5607EE92E31D11175B9E33C032BDF359E03EAE610D20DC50EF5943F3FF1480C1
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Reputation:low
Preview:
[2024-02-06 09:55:09.289] [info ] [sfxinst ] [ 6128: 416] [7361C5: 957] --
[2024-02-06 09:55:09.289] [info ] [sfxinst ] [ 6128: 416] [7361C5: 958] START: Avast SFX stub executable
[2024-02-06 09:55:09.289] [info ] [sfxinst ] [ 6128: 416] [7361C5: 255] Entering SFX stub guarded code section.
[2024-02-06 09:55:09.305] [info ] [sfxinst ] [ 6128: 416] [7361C5: 370] Running SFX 'C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe'
[2024-02-06 09:55:11.446] [info ] [sfxinst ] [ 6128: 416] [7361C5: 592] Moved extra data file 'ecoo.edat' to 'C:\Windows\Temp\asw.c8e10c29a108e125\cookie.bin'.
[2024-02-06 09:55:12.008] [info ] [sfxstats ] [ 6128: 7188] [03AC9E: 149] Statistics sent successfully.
[2024-02-06 09:55:12.180] [notice ] [burger_rep ] [ 6128: 7192] [64A1D8: 66] The event '70.1' was successfully sent to burger: https://analytics.avcdn.net/v4/receive/json/70.
[2024-02-06 09:55:13.352] [info ] [sfxinst ] [ 6128:
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):281
                                                                                                                                                                                                                                                                Entropy (8bit):4.656602489682623
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:fdQfUB/O7hg3IKw6B6TjyAdQfBq/OxdPKg3IKw6B6Tjy3:VJ/T16qWf/WdB16q3
                                                                                                                                                                                                                                                                MD5:2444EE08A57B752978BDD2A9696E47BF
                                                                                                                                                                                                                                                                SHA1:801E1359F55EF91EA2BAE9ED0012C249D5CBCFFB
                                                                                                                                                                                                                                                                SHA-256:A49932864D8F3B734F3333FF4DDD391AAD63D2E3CA9A4F00FC3C644EE7CD23BA
                                                                                                                                                                                                                                                                SHA-512:3FB591A89EF8230C06F418699C45D360C6C598B5D6CDD92ABCF98B74396F939662D9EFCF50DDABF308EE7063E0C49B9CFE07909DBF37AA699F728BC7609DA113
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Reputation:low
Preview:
[2024-02-06 09:55:17.129] [info ] [burger ] [ 7296: 7300] [7BF903: 55] Storage path was not set so neither stored events are read.
[2024-02-06 09:55:41.971] [info ] [burger ] [ 7808: 7812] [7BF903: 55] Storage path was not set so neither stored events are read.
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2407880
                                                                                                                                                                                                                                                                Entropy (8bit):6.786202264238909
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:c7WzKTggggMHn7hhQc38ITmSeAvAfAAEV1rnFTZT0krlGW+sDY:einjQc3QAo7ELxTZT0krgs
                                                                                                                                                                                                                                                                MD5:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                SHA1:D4659FAE426B609197A4061EBCED80268A1C18B7
                                                                                                                                                                                                                                                                SHA-256:A65BE22B429CCE201DD895F59872D0C439A53857B9B3007D48DF2D656A1F3913
                                                                                                                                                                                                                                                                SHA-512:E962F82A51C8EBAF5A1701F171379E942C4F02F9049B0F0A6A9924050C5A4BDEB34A1AF79D0A2B6EA396C21AA66461ED04EACA9CFCED7BF6C4EDE0DEB8AEEEF5
                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Process:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):888600
                                                                                                                                                                                                                                                                Entropy (8bit):6.799400661071435
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                                                                                                                                MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                                                                                                                                SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                                                                                                                                SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                                                                                                                                SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: Microstub.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                • Filename: ATT00001.htm, Detection: malicious, Browse
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\_.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):10700528
                                                                                                                                                                                                                                                                Entropy (8bit):7.9218623267691415
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:196608:3rcevof5kXIYq9acNbbEPFN+amczNZezTAAZKnopC2MtSQbRo:bcevW5kYLaqmr+amMNZezTAAZKY
                                                                                                                                                                                                                                                                MD5:3BA1265F701C2D4A6EDEC89270D18B2F
                                                                                                                                                                                                                                                                SHA1:6E1039C659DE49EE6E47083EF3BA806FE65024F9
                                                                                                                                                                                                                                                                SHA-256:A3CE0BDF5CC6463DA1CE8E35C882BB6022375B6CCC6177BDEAC90F7DB8B1985B
                                                                                                                                                                                                                                                                SHA-512:8B955E90EC7DFC17E7B34A174AF66D2EBCBF7DE6189BDEA138C347C83B3051C8316EF7D8B8BAF6B4759C4DFF65FCBDBCA66E21C854847D066D32B22BBCEB280D
                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\_.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):21
                                                                                                                                                                                                                                                                Entropy (8bit):3.064969661782226
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:1HNE:5NE
                                                                                                                                                                                                                                                                MD5:58D47CFA451DFB6748BE33A8F4069F49
                                                                                                                                                                                                                                                                SHA1:7CA703BC598C8ED5D98407833ECEBE7D5EFEC80B
                                                                                                                                                                                                                                                                SHA-256:8EBBEC1CCAB81B5AB09770E38ED72B0F830C5BBDABD1E68979C9DD79BB278883
                                                                                                                                                                                                                                                                SHA-512:4F636E1664C3884F6406AEDE91D8C6E2A0CFF876D1BE45014307C8A247F267F8B8DB8A67EDF43EE989FD59E1A74AB047D96CBAC308D57CB00576CF4AF14D4AFB
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:mmm_ava_tst_007_402_a
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4159384
                                                                                                                                                                                                                                                                Entropy (8bit):6.48294011472113
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:98304:sNJsXdVwQll/DRKIymdz69dbrqNeWRPxur:sYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                MD5:99A02B6261B6466FEB3A3AA473E0FA39
                                                                                                                                                                                                                                                                SHA1:C23FC6FDA665C7F972FD4D5E570D8CA0AD5FA939
                                                                                                                                                                                                                                                                SHA-256:FF69D32DD0A916824BD7FFE4B340B08E425AB80FBD94883FCC94508E1366CC8D
                                                                                                                                                                                                                                                                SHA-512:D76D175D56C67398DC4DA898E429FA39521BA4618666071B94D5047CFA3CB901AA1002CA581EE3790531E519E5F5A5BDDDDFA6BDEEC877003C34C2083D1B8739
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):23594392
                                                                                                                                                                                                                                                                Entropy (8bit):6.697133943906838
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:393216:rc9+XCAdRqLdiDE3CZyabT+thSibmQuFb04vClrQUp81:rc9D3CHbSth78v
                                                                                                                                                                                                                                                                MD5:D330849F66184BF95751ACBC18E7D464
                                                                                                                                                                                                                                                                SHA1:E92AD95F6D3094D01BC35494D98C3C8600B70DB3
                                                                                                                                                                                                                                                                SHA-256:E40CB7C9D56E8F6F38B930F9B329D875B3D83156EC14414B1ACCE316967B81AB
                                                                                                                                                                                                                                                                SHA-512:DAA4975C2ED96DEA2245648FB042B624C6BCE750BFE16117E6E1A3FC6CEDD465CB01F49B32646225916FF6904F2AFDA97CFFAC1B67B2B96671F38710DDEBEC5F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3889096
                                                                                                                                                                                                                                                                Entropy (8bit):6.451773659527383
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:fj/wGH4Xvec/Cw60I9vxCJ5D7y+Y/PzaOKldYzPL7aTJL52uAsKAPgJ0FuG+bDZb:z9ICjg7Q1XLOT9MK
                                                                                                                                                                                                                                                                MD5:CA4A5F3F1AADF421F89C19505055C7A9
                                                                                                                                                                                                                                                                SHA1:B1307E49372EF34297A94EC3E76D529D6422F0CE
                                                                                                                                                                                                                                                                SHA-256:5D894B08CD212B6DD092490AD8F2FB2644B18077695FE6E61D23363F920C975E
                                                                                                                                                                                                                                                                SHA-512:0AB2175193AB9707F2F3C9D78ECCAEE707735A8F013CB52324AC7B08F1606039DA399B29244C282E76AFD120888666EFA88E6877A2E9CF78976D88D7FCC07C18
                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4979096
                                                                                                                                                                                                                                                                Entropy (8bit):6.5149882818722675
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:qMLrHsld98J8Uk7J78dt3HkO0Cdlgu8BRpP+tXyiz9XuK16alrSwxjnDf0oHDzBv:O5833Mu8BMXnzVuY8ono1Z5ZHhdk01
                                                                                                                                                                                                                                                                MD5:A4406DFE192D6FC9C50F73310314AAB4
                                                                                                                                                                                                                                                                SHA1:F9CDE2E805EDF238618A99136932564BEF4529CE
                                                                                                                                                                                                                                                                SHA-256:2DC721C59424F9B5864DEF1C5F2E1076F350721AB426C9F346E19F5FBF875884
                                                                                                                                                                                                                                                                SHA-512:057660037A9F1DA025A69A8DE3FF297ECBFDD5354A37324173ACC8B941688DF193FC19215451E42418AF3DF75ACFAAC0E7E60F842D7B3C77407844AC7ADDFAAF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1183128
                                                                                                                                                                                                                                                                Entropy (8bit):6.448249786311894
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24576:MCAMa2xF/U2MtmVZD+4of1c2OhrP4KOqh0lhSMXlCTgnb5:yMa2xFs2MgVo4of1cPhzLeKgnb
                                                                                                                                                                                                                                                                MD5:02A35F3921F239A0138591A03278C8C8
                                                                                                                                                                                                                                                                SHA1:3C9134B53D8021774D3F60E690E88F55FAEB126F
                                                                                                                                                                                                                                                                SHA-256:3759F5F2FB1AAAD990D524AF629E7BF8389932F92A2A92701E082C29E3A72045
                                                                                                                                                                                                                                                                SHA-512:A20B130AEE033C8CA2C907C1669F0C60666A914F1F8E31BB185294C5E7C0C16343A3CE699B6E2E53EF6F518234F8FEF671865EF935757DB2E6E68C4B46E5151D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4159384
                                                                                                                                                                                                                                                                Entropy (8bit):6.48294011472113
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:98304:sNJsXdVwQll/DRKIymdz69dbrqNeWRPxur:sYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                MD5:99A02B6261B6466FEB3A3AA473E0FA39
                                                                                                                                                                                                                                                                SHA1:C23FC6FDA665C7F972FD4D5E570D8CA0AD5FA939
                                                                                                                                                                                                                                                                SHA-256:FF69D32DD0A916824BD7FFE4B340B08E425AB80FBD94883FCC94508E1366CC8D
                                                                                                                                                                                                                                                                SHA-512:D76D175D56C67398DC4DA898E429FA39521BA4618666071B94D5047CFA3CB901AA1002CA581EE3790531E519E5F5A5BDDDDFA6BDEEC877003C34C2083D1B8739
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4979096
                                                                                                                                                                                                                                                                Entropy (8bit):6.5149882818722675
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:qMLrHsld98J8Uk7J78dt3HkO0Cdlgu8BRpP+tXyiz9XuK16alrSwxjnDf0oHDzBv:O5833Mu8BMXnzVuY8ono1Z5ZHhdk01
                                                                                                                                                                                                                                                                MD5:A4406DFE192D6FC9C50F73310314AAB4
                                                                                                                                                                                                                                                                SHA1:F9CDE2E805EDF238618A99136932564BEF4529CE
                                                                                                                                                                                                                                                                SHA-256:2DC721C59424F9B5864DEF1C5F2E1076F350721AB426C9F346E19F5FBF875884
                                                                                                                                                                                                                                                                SHA-512:057660037A9F1DA025A69A8DE3FF297ECBFDD5354A37324173ACC8B941688DF193FC19215451E42418AF3DF75ACFAAC0E7E60F842D7B3C77407844AC7ADDFAAF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1183128
                                                                                                                                                                                                                                                                Entropy (8bit):6.448249786311894
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24576:MCAMa2xF/U2MtmVZD+4of1c2OhrP4KOqh0lhSMXlCTgnb5:yMa2xFs2MgVo4of1cPhzLeKgnb
                                                                                                                                                                                                                                                                MD5:02A35F3921F239A0138591A03278C8C8
                                                                                                                                                                                                                                                                SHA1:3C9134B53D8021774D3F60E690E88F55FAEB126F
                                                                                                                                                                                                                                                                SHA-256:3759F5F2FB1AAAD990D524AF629E7BF8389932F92A2A92701E082C29E3A72045
                                                                                                                                                                                                                                                                SHA-512:A20B130AEE033C8CA2C907C1669F0C60666A914F1F8E31BB185294C5E7C0C16343A3CE699B6E2E53EF6F518234F8FEF671865EF935757DB2E6E68C4B46E5151D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):23594392
                                                                                                                                                                                                                                                                Entropy (8bit):6.697133943906838
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:393216:rc9+XCAdRqLdiDE3CZyabT+thSibmQuFb04vClrQUp81:rc9D3CHbSth78v
                                                                                                                                                                                                                                                                MD5:D330849F66184BF95751ACBC18E7D464
                                                                                                                                                                                                                                                                SHA1:E92AD95F6D3094D01BC35494D98C3C8600B70DB3
                                                                                                                                                                                                                                                                SHA-256:E40CB7C9D56E8F6F38B930F9B329D875B3D83156EC14414B1ACCE316967B81AB
                                                                                                                                                                                                                                                                SHA-512:DAA4975C2ED96DEA2245648FB042B624C6BCE750BFE16117E6E1A3FC6CEDD465CB01F49B32646225916FF6904F2AFDA97CFFAC1B67B2B96671F38710DDEBEC5F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2407880
                                                                                                                                                                                                                                                                Entropy (8bit):6.786202264238909
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:c7WzKTggggMHn7hhQc38ITmSeAvAfAAEV1rnFTZT0krlGW+sDY:einjQc3QAo7ELxTZT0krgs
                                                                                                                                                                                                                                                                MD5:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                SHA1:D4659FAE426B609197A4061EBCED80268A1C18B7
                                                                                                                                                                                                                                                                SHA-256:A65BE22B429CCE201DD895F59872D0C439A53857B9B3007D48DF2D656A1F3913
                                                                                                                                                                                                                                                                SHA-512:E962F82A51C8EBAF5A1701F171379E942C4F02F9049B0F0A6A9924050C5A4BDEB34A1AF79D0A2B6EA396C21AA66461ED04EACA9CFCED7BF6C4EDE0DEB8AEEEF5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2407880
                                                                                                                                                                                                                                                                Entropy (8bit):6.786202264238909
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:c7WzKTggggMHn7hhQc38ITmSeAvAfAAEV1rnFTZT0krlGW+sDY:einjQc3QAo7ELxTZT0krgs
                                                                                                                                                                                                                                                                MD5:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                SHA1:D4659FAE426B609197A4061EBCED80268A1C18B7
                                                                                                                                                                                                                                                                SHA-256:A65BE22B429CCE201DD895F59872D0C439A53857B9B3007D48DF2D656A1F3913
                                                                                                                                                                                                                                                                SHA-512:E962F82A51C8EBAF5A1701F171379E942C4F02F9049B0F0A6A9924050C5A4BDEB34A1AF79D0A2B6EA396C21AA66461ED04EACA9CFCED7BF6C4EDE0DEB8AEEEF5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):20376
                                                                                                                                                                                                                                                                Entropy (8bit):6.6432717168168365
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:ExaZ9Qmb3KiVm+fAHANIYiWeHAM+o/8E9VF0NycX:EYZ95bhYHrYizAMxkEQ
                                                                                                                                                                                                                                                                MD5:7186713E898292BE3B07DF4FC0C4D5B4
                                                                                                                                                                                                                                                                SHA1:04C02848714CD87DFD49DBB4219929CD1B66B37A
                                                                                                                                                                                                                                                                SHA-256:7F29664315361F0D5C5C537F71D441BB0056756201D7AA6C592BF77E76A2E0C5
                                                                                                                                                                                                                                                                SHA-512:B05C54CFF483C4B90D284F51CA6462ADEFBFDA4401CB3128D74646D0394BEAEEAFE6B28D4E6EEF7FF481F3A3C0CA1EC11383D9EC9D8A98355C98BF138694B0B0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4159384
                                                                                                                                                                                                                                                                Entropy (8bit):6.48294011472113
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:98304:sNJsXdVwQll/DRKIymdz69dbrqNeWRPxur:sYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                MD5:99A02B6261B6466FEB3A3AA473E0FA39
                                                                                                                                                                                                                                                                SHA1:C23FC6FDA665C7F972FD4D5E570D8CA0AD5FA939
                                                                                                                                                                                                                                                                SHA-256:FF69D32DD0A916824BD7FFE4B340B08E425AB80FBD94883FCC94508E1366CC8D
                                                                                                                                                                                                                                                                SHA-512:D76D175D56C67398DC4DA898E429FA39521BA4618666071B94D5047CFA3CB901AA1002CA581EE3790531E519E5F5A5BDDDDFA6BDEEC877003C34C2083D1B8739
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3889096
                                                                                                                                                                                                                                                                Entropy (8bit):6.451773659527383
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:fj/wGH4Xvec/Cw60I9vxCJ5D7y+Y/PzaOKldYzPL7aTJL52uAsKAPgJ0FuG+bDZb:z9ICjg7Q1XLOT9MK
                                                                                                                                                                                                                                                                MD5:CA4A5F3F1AADF421F89C19505055C7A9
                                                                                                                                                                                                                                                                SHA1:B1307E49372EF34297A94EC3E76D529D6422F0CE
                                                                                                                                                                                                                                                                SHA-256:5D894B08CD212B6DD092490AD8F2FB2644B18077695FE6E61D23363F920C975E
                                                                                                                                                                                                                                                                SHA-512:0AB2175193AB9707F2F3C9D78ECCAEE707735A8F013CB52324AC7B08F1606039DA399B29244C282E76AFD120888666EFA88E6877A2E9CF78976D88D7FCC07C18
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):888600
                                                                                                                                                                                                                                                                Entropy (8bit):6.799400661071435
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24576:rvqA5tAf7fM6xEV1rnF6SZT0kiSJN5H9tmGn7sL0h:eAvAfAAEV1rnFTZT0krlGW+Y
                                                                                                                                                                                                                                                                MD5:3EAD47F44293E18D66FB32259904197A
                                                                                                                                                                                                                                                                SHA1:E61E88BD81C05D4678AEB2D62C75DEE35A25D16B
                                                                                                                                                                                                                                                                SHA-256:E0D08B9DA7E502AD8C75F8BE52E9A08A6BCD0C5F98D360704173BE33777E4905
                                                                                                                                                                                                                                                                SHA-512:927A134BDAEC1C7C13D11E4044B30F7C45BBB23D5CAF1756C2BEADA6507A69DF0A2E6252EC28A913861E4924D1C766704F1036D7FC39C6DDB22E5EB81F3007F0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):23594392
                                                                                                                                                                                                                                                                Entropy (8bit):6.697133943906838
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:393216:rc9+XCAdRqLdiDE3CZyabT+thSibmQuFb04vClrQUp81:rc9D3CHbSth78v
                                                                                                                                                                                                                                                                MD5:D330849F66184BF95751ACBC18E7D464
                                                                                                                                                                                                                                                                SHA1:E92AD95F6D3094D01BC35494D98C3C8600B70DB3
                                                                                                                                                                                                                                                                SHA-256:E40CB7C9D56E8F6F38B930F9B329D875B3D83156EC14414B1ACCE316967B81AB
                                                                                                                                                                                                                                                                SHA-512:DAA4975C2ED96DEA2245648FB042B624C6BCE750BFE16117E6E1A3FC6CEDD465CB01F49B32646225916FF6904F2AFDA97CFFAC1B67B2B96671F38710DDEBEC5F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3889096
                                                                                                                                                                                                                                                                Entropy (8bit):6.451773659527383
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:fj/wGH4Xvec/Cw60I9vxCJ5D7y+Y/PzaOKldYzPL7aTJL52uAsKAPgJ0FuG+bDZb:z9ICjg7Q1XLOT9MK
                                                                                                                                                                                                                                                                MD5:CA4A5F3F1AADF421F89C19505055C7A9
                                                                                                                                                                                                                                                                SHA1:B1307E49372EF34297A94EC3E76D529D6422F0CE
                                                                                                                                                                                                                                                                SHA-256:5D894B08CD212B6DD092490AD8F2FB2644B18077695FE6E61D23363F920C975E
                                                                                                                                                                                                                                                                SHA-512:0AB2175193AB9707F2F3C9D78ECCAEE707735A8F013CB52324AC7B08F1606039DA399B29244C282E76AFD120888666EFA88E6877A2E9CF78976D88D7FCC07C18
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):20376
                                                                                                                                                                                                                                                                Entropy (8bit):6.6432717168168365
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:ExaZ9Qmb3KiVm+fAHANIYiWeHAM+o/8E9VF0NycX:EYZ95bhYHrYizAMxkEQ
                                                                                                                                                                                                                                                                MD5:7186713E898292BE3B07DF4FC0C4D5B4
                                                                                                                                                                                                                                                                SHA1:04C02848714CD87DFD49DBB4219929CD1B66B37A
                                                                                                                                                                                                                                                                SHA-256:7F29664315361F0D5C5C537F71D441BB0056756201D7AA6C592BF77E76A2E0C5
                                                                                                                                                                                                                                                                SHA-512:B05C54CFF483C4B90D284F51CA6462ADEFBFDA4401CB3128D74646D0394BEAEEAFE6B28D4E6EEF7FF481F3A3C0CA1EC11383D9EC9D8A98355C98BF138694B0B0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):336
                                                                                                                                                                                                                                                                Entropy (8bit):3.2523664094525224
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:6:QoEJi2YA4mloiI9iIZiAD2JdiAD2/2iGb0iboiaYoiapJ62iT:Qo1wZ/yabFbcxqX
                                                                                                                                                                                                                                                                MD5:42C91F9498BC7F1032ECBEEEBE1F45FF
                                                                                                                                                                                                                                                                SHA1:ABB0C1682EFB109F6B6B9460B05ABFB36EF605CB
                                                                                                                                                                                                                                                                SHA-256:C16F19366C08C1D5F4FB631B3DF5335D4223518BFFF9268741D5CB4636988C20
                                                                                                                                                                                                                                                                SHA-512:BA0FE663F950CB6BEDB70576047ECAD71F2BC2C68D9ABB5B8A43AC0C41C7FA27BEC560F9E20E7F1E9BC810F534B8B72D804BBB76B9BA04337D5680FAC1601A2B
                                                                                                                                                                                                                                                                Malicious:false
Preview:..[Components]..avbugreport_x64_ais=6..avdump_x64_ais=6..avdump_x86_ais=6..instcont_x64_ais=6..instup_x64_ais=6..offertool_x64_ais=6..sbr_x64_ais=6..setgui_x64_ais=6..
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1368), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1680
                                                                                                                                                                                                                                                                Entropy (8bit):5.0055781134663935
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:TXfpIay6YpCwB8wqwLxoy1qNiQwqUTKCFlO:rfpLvYpTKsxoZgQ8KCFlO
                                                                                                                                                                                                                                                                MD5:7D4683D0287032871EC112C0E533989A
                                                                                                                                                                                                                                                                SHA1:32562ACFAEE997FDC4753FB0BD8D7ABCE32AC997
                                                                                                                                                                                                                                                                SHA-256:5821342549D4CF2A5C8756E07250C9F5DBB56218D97811DD9B108DD3D1649D4F
                                                                                                                                                                                                                                                                SHA-512:A65EA36C7BCF54D5FF59A908AB071565B78988A2785D304FF6EED409D56092E59506232961E1D4346DF59CB02901D71666CC434747B60359BD64356790A005A4
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:...[Shepherd]..ABTests=19fa92d7-cec3-489b-9f86-f88a9780902e:A,2a38b33e-2944-40ef-a1df-c417feb3f742:B,9c39bb00-0319-40bf-b991-5c9ed9d0a85b:C,oa-7466-v0:b,oa-7675:c,oa-7794-fake:b..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_email-signatures_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_version-18.6-and-higher_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-on_versions--22.1-and-higher_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_hns-pre-scan-enabled-countries_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_noomnianda1_smartscanfreetrail_smartscan-free---antivirus---win10---ab-test_aosstorelink_enableddwm_enabl
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
                                                                                                                                                                                                                                                                File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):32787
                                                                                                                                                                                                                                                                Entropy (8bit):5.867143866742583
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:BY1bebwJir7ruSD3xG4xJcBMp7bvoNq5vbD:W1Sb4IHJnD
                                                                                                                                                                                                                                                                MD5:15ECE53AF10DC473ED9C5BD1112ACFD0
                                                                                                                                                                                                                                                                SHA1:2528C265AC45563850BB142853B2B56D215A1301
                                                                                                                                                                                                                                                                SHA-256:F3EE62A8FC39E38D979C2BB913F5841AD87341742193C4DAF528149A69A2C67A
                                                                                                                                                                                                                                                                SHA-512:1FE104E9B55175E84409D594C7F87E4A6F5797D1ADC0573114BCB257FB678B15746B825CEEA25A920C22D5D74756068492F27C846C518B0A843CAC1E3C6E4986
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[Offers.SecureBrowser]..ShowInIntro=1..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_cmp_webrep=3..ais_cmp_webrep_ie=3..ais_cmp_webrep_x64=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..Lice
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (568), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):802
                                                                                                                                                                                                                                                                Entropy (8bit):5.160399418777694
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:tm7SYtaG0OMV/finmcNAxvw5uW2yT3U3AjqmpnzRwKrTOhNArloiKF1Y7h43CS/R:SaG0R/qmPvw5uAT3Mcqe7/lTKF1MS6O
                                                                                                                                                                                                                                                                MD5:8F1BE042E237256CA109B95B2D6E6FF5
                                                                                                                                                                                                                                                                SHA1:FD0FA0FF411C2AAB1F0C975FD9AFF0F958F29904
                                                                                                                                                                                                                                                                SHA-256:7E6A7A8266C0A91E8174EC45E0C19028C06A5A7B6BBF74113142CF45BC732C04
                                                                                                                                                                                                                                                                SHA-512:E5A0EBF2ABDB0C3A3242A5A0D0ED04534D36BA7BD8DC47312A8999F42C88680F8D5A1203AFFA71601F372794637ECA45543F32D278E6382D42FFB2899500E3CA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:...[Shepherd]..ABTests=9c39bb00-0319-40bf-b991-5c9ed9d0a85b:C,oa-7466-v0:b,oa-7675:c,oa-7794-fake:b..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_version-18.6-and-higher_production_quic-sni-block-release-stage-2_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ipm_6513_open_ui_c_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-ffe18673c106c819ec17dd8acd7625b568abfa3f2cf21e74f6b78ebd7601ce12..ConfigVersion=4890..LastUpdate=1707213317..NextUpdate=1707311339..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):29413
                                                                                                                                                                                                                                                                Entropy (8bit):5.879520968825139
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:D7r50hjbpPbNH3V2g0JigYwTTPUxoBDDGrn1OCsXhxvFr7qz9PMpmlfQXDAbvoqU:b5WZbwJiCMxSGr14xJcBMpybvonttd
                                                                                                                                                                                                                                                                MD5:A4D36F42F0B64DEB999223A0894363AE
                                                                                                                                                                                                                                                                SHA1:2CAC5043F7443893326EC6915E4B1EFEC8ED2029
                                                                                                                                                                                                                                                                SHA-256:FCB96C489524B1E07727969DD6E42D2E4207A585C0E6266EB184CF0AA819C786
                                                                                                                                                                                                                                                                SHA-512:82D215BC05A388EDD9AB3B8CB4524AB30C962E990423F9BEB8FB639F5006454A8B1CC79C6662F5E7BE199F65241210AE3F3C19841131EF8FD0F516E3868C3A0C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkipp
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):29413
                                                                                                                                                                                                                                                                Entropy (8bit):5.879520968825139
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:D7r50hjbpPbNH3V2g0JigYwTTPUxoBDDGrn1OCsXhxvFr7qz9PMpmlfQXDAbvoqU:b5WZbwJiCMxSGr14xJcBMpybvonttd
                                                                                                                                                                                                                                                                MD5:A4D36F42F0B64DEB999223A0894363AE
                                                                                                                                                                                                                                                                SHA1:2CAC5043F7443893326EC6915E4B1EFEC8ED2029
                                                                                                                                                                                                                                                                SHA-256:FCB96C489524B1E07727969DD6E42D2E4207A585C0E6266EB184CF0AA819C786
                                                                                                                                                                                                                                                                SHA-512:82D215BC05A388EDD9AB3B8CB4524AB30C962E990423F9BEB8FB639F5006454A8B1CC79C6662F5E7BE199F65241210AE3F3C19841131EF8FD0F516E3868C3A0C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_sfzone=3..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkipp
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4979096
                                                                                                                                                                                                                                                                Entropy (8bit):6.5149882818722675
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:qMLrHsld98J8Uk7J78dt3HkO0Cdlgu8BRpP+tXyiz9XuK16alrSwxjnDf0oHDzBv:O5833Mu8BMXnzVuY8ono1Z5ZHhdk01
                                                                                                                                                                                                                                                                MD5:A4406DFE192D6FC9C50F73310314AAB4
                                                                                                                                                                                                                                                                SHA1:F9CDE2E805EDF238618A99136932564BEF4529CE
                                                                                                                                                                                                                                                                SHA-256:2DC721C59424F9B5864DEF1C5F2E1076F350721AB426C9F346E19F5FBF875884
                                                                                                                                                                                                                                                                SHA-512:057660037A9F1DA025A69A8DE3FF297ECBFDD5354A37324173ACC8B941688DF193FC19215451E42418AF3DF75ACFAAC0E7E60F842D7B3C77407844AC7ADDFAAF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1183128
                                                                                                                                                                                                                                                                Entropy (8bit):6.448249786311894
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24576:MCAMa2xF/U2MtmVZD+4of1c2OhrP4KOqh0lhSMXlCTgnb5:yMa2xFs2MgVo4of1cPhzLeKgnb
                                                                                                                                                                                                                                                                MD5:02A35F3921F239A0138591A03278C8C8
                                                                                                                                                                                                                                                                SHA1:3C9134B53D8021774D3F60E690E88F55FAEB126F
                                                                                                                                                                                                                                                                SHA-256:3759F5F2FB1AAAD990D524AF629E7BF8389932F92A2A92701E082C29E3A72045
                                                                                                                                                                                                                                                                SHA-512:A20B130AEE033C8CA2C907C1669F0C60666A914F1F8E31BB185294C5E7C0C16343A3CE699B6E2E53EF6F518234F8FEF671865EF935757DB2E6E68C4B46E5151D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1056152
                                                                                                                                                                                                                                                                Entropy (8bit):6.601428918675719
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:24576:i5fvrZFtYuB29VEFV5qSh0lhSMXl0wi5:EvhcVKV5qPQ
                                                                                                                                                                                                                                                                MD5:029CE52C12EAE09B09CF108248580CD2
                                                                                                                                                                                                                                                                SHA1:AE1AB4E8A00C2E582473070C390773C1130F6617
                                                                                                                                                                                                                                                                SHA-256:960D9D6AA39FF7645EFF9DA658F429C572A380B2E34F58F13070AF9A4099BEC0
                                                                                                                                                                                                                                                                SHA-512:4A2D0CF638D32F5508FE5A73B82B9FE5B12DE96331B3AA162369E0469F87CA13C7982FCFC99D7BE2C26468F3E639316C0BBCE936607CE2F4C14551577CCACEF1
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:Generic INItialization configuration [BreachGuard]
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):28892
                                                                                                                                                                                                                                                                Entropy (8bit):5.879086158272582
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:Dqi50hjbpPbNHRV2g0JigYwrTUoBDVQrZ1ONsXhxvFr7qz9rMmlfQXDSbvoqZtPU:H5WZbmJiQU2QrrbxJcdMEbvoktPU
                                                                                                                                                                                                                                                                MD5:12774C43E92F60CC72545917CA226AA1
                                                                                                                                                                                                                                                                SHA1:E9FA0CCB4ACFF049053F41FA017B00FBD36D4C6E
                                                                                                                                                                                                                                                                SHA-256:DDD77710A67F3B37298429B1A4A0D9B952084AF42FF96454DF364F42F9B7DA60
                                                                                                                                                                                                                                                                SHA-512:ECDA6377058C27A44DA5F32855AE449B5F8284AF1BAC6BF9C830E2D2495C3A05E4621AC70BACBD492AFAFC5DEBCC25974BD4CB8503BA1D014BA92F12D3B9B385
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[BreachGuard]..Enabled=0..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=0..[SecureBrowser]..UupdateInstall=0..[Symternals]..SubmitGeneration=2022-03-02..UnseenExesSubmit=2..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_bpc=0..ais_cmp_fw=2..ais_cmp_sfzone=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATBlockQuic=0..ATInjectJavascript=0..ATSkippedDomains=whatsapp.
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):9913
                                                                                                                                                                                                                                                                Entropy (8bit):7.98351505927488
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:QElGwRCEFiUE/cbjlObzCMrcSpnuq638XZdqLGRBpOA0O2NQqztahoYfzqO0i:QEYCCEFiUxwb7rVuH3ZLGBplmoh9bqZi
                                                                                                                                                                                                                                                                MD5:65A94D643E10FFC9156EE8F1BAE43C25
                                                                                                                                                                                                                                                                SHA1:A36D866CAC1009272855C0777D55A4A98468ABCE
                                                                                                                                                                                                                                                                SHA-256:2C9559A99BB1859206D554D1C3984787E5B4F347C5C55E8C05D3C6350EBFB760
                                                                                                                                                                                                                                                                SHA-512:AF1088A5D69ABE83C63E4585849729DF5C039F1270BA32A76932E3BEFBF1B2950B78F3DD089269078A97568E8688F4E90C3DCE06C7C6E45302D49A7DF694865D
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (568), with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):802
                                                                                                                                                                                                                                                                Entropy (8bit):5.160399418777694
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:tm7SYtaG0OMV/finmcNAxvw5uW2yT3U3AjqmpnzRwKrTOhNArloiKF1Y7h43CS/R:SaG0R/qmPvw5uAT3Mcqe7/lTKF1MS6O
                                                                                                                                                                                                                                                                MD5:8F1BE042E237256CA109B95B2D6E6FF5
                                                                                                                                                                                                                                                                SHA1:FD0FA0FF411C2AAB1F0C975FD9AFF0F958F29904
                                                                                                                                                                                                                                                                SHA-256:7E6A7A8266C0A91E8174EC45E0C19028C06A5A7B6BBF74113142CF45BC732C04
                                                                                                                                                                                                                                                                SHA-512:E5A0EBF2ABDB0C3A3242A5A0D0ED04534D36BA7BD8DC47312A8999F42C88680F8D5A1203AFFA71601F372794637ECA45543F32D278E6382D42FFB2899500E3CA
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:...[Shepherd]..ABTests=9c39bb00-0319-40bf-b991-5c9ed9d0a85b:C,oa-7466-v0:b,oa-7675:c,oa-7794-fake:b..ConfigId=5..ConfigName=Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_version-18.6-and-higher_production_quic-sni-block-release-stage-2_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ipm_6513_open_ui_c_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-ffe18673c106c819ec17dd8acd7625b568abfa3f2cf21e74f6b78ebd7601ce12..ConfigVersion=4890..LastUpdate=1707213317..NextUpdate=1707311339..PostponeInterval=3600..TTL=86400..TTLSpread=43200..
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):21
                                                                                                                                                                                                                                                                Entropy (8bit):3.064969661782226
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:3:1HNE:5NE
                                                                                                                                                                                                                                                                MD5:58D47CFA451DFB6748BE33A8F4069F49
                                                                                                                                                                                                                                                                SHA1:7CA703BC598C8ED5D98407833ECEBE7D5EFEC80B
                                                                                                                                                                                                                                                                SHA-256:8EBBEC1CCAB81B5AB09770E38ED72B0F830C5BBDABD1E68979C9DD79BB278883
                                                                                                                                                                                                                                                                SHA-512:4F636E1664C3884F6406AEDE91D8C6E2A0CFF876D1BE45014307C8A247F267F8B8DB8A67EDF43EE989FD59E1A74AB047D96CBAC308D57CB00576CF4AF14D4AFB
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:mmm_ava_tst_007_402_a
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):3889096
                                                                                                                                                                                                                                                                Entropy (8bit):6.451773659527383
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:fj/wGH4Xvec/Cw60I9vxCJ5D7y+Y/PzaOKldYzPL7aTJL52uAsKAPgJ0FuG+bDZb:z9ICjg7Q1XLOT9MK
                                                                                                                                                                                                                                                                MD5:CA4A5F3F1AADF421F89C19505055C7A9
                                                                                                                                                                                                                                                                SHA1:B1307E49372EF34297A94EC3E76D529D6422F0CE
                                                                                                                                                                                                                                                                SHA-256:5D894B08CD212B6DD092490AD8F2FB2644B18077695FE6E61D23363F920C975E
                                                                                                                                                                                                                                                                SHA-512:0AB2175193AB9707F2F3C9D78ECCAEE707735A8F013CB52324AC7B08F1606039DA399B29244C282E76AFD120888666EFA88E6877A2E9CF78976D88D7FCC07C18
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):23594392
                                                                                                                                                                                                                                                                Entropy (8bit):6.697133943906838
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:393216:rc9+XCAdRqLdiDE3CZyabT+thSibmQuFb04vClrQUp81:rc9D3CHbSth78v
                                                                                                                                                                                                                                                                MD5:D330849F66184BF95751ACBC18E7D464
                                                                                                                                                                                                                                                                SHA1:E92AD95F6D3094D01BC35494D98C3C8600B70DB3
                                                                                                                                                                                                                                                                SHA-256:E40CB7C9D56E8F6F38B930F9B329D875B3D83156EC14414B1ACCE316967B81AB
                                                                                                                                                                                                                                                                SHA-512:DAA4975C2ED96DEA2245648FB042B624C6BCE750BFE16117E6E1A3FC6CEDD465CB01F49B32646225916FF6904F2AFDA97CFFAC1B67B2B96671F38710DDEBEC5F
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2407880
                                                                                                                                                                                                                                                                Entropy (8bit):6.786202264238909
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:49152:c7WzKTggggMHn7hhQc38ITmSeAvAfAAEV1rnFTZT0krlGW+sDY:einjQc3QAo7ELxTZT0krgs
                                                                                                                                                                                                                                                                MD5:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                SHA1:D4659FAE426B609197A4061EBCED80268A1C18B7
                                                                                                                                                                                                                                                                SHA-256:A65BE22B429CCE201DD895F59872D0C439A53857B9B3007D48DF2D656A1F3913
                                                                                                                                                                                                                                                                SHA-512:E962F82A51C8EBAF5A1701F171379E942C4F02F9049B0F0A6A9924050C5A4BDEB34A1AF79D0A2B6EA396C21AA66461ED04EACA9CFCED7BF6C4EDE0DEB8AEEEF5
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):695
                                                                                                                                                                                                                                                                Entropy (8bit):7.621740145739962
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:12:UkHAgrRux8Ghb8bYZxU/tW8qHH4h9X3aFA1juhgVUHBdQTYRNulhJ00n:UIAgdo8Ghb8sZGk8qHWhgmOOYRcr1n
                                                                                                                                                                                                                                                                MD5:F757934C2D28D322FCA999FFAFDB4584
                                                                                                                                                                                                                                                                SHA1:EB06EB4E5669519B1A6405616BF78417B1963FFE
                                                                                                                                                                                                                                                                SHA-256:09C79062FED78B3BB7BB1DA546014D812FE77904A3F161B4908DC5724FF86A12
                                                                                                                                                                                                                                                                SHA-512:73F5CD98592A0FEE596B3860FF4E02CDF3D31F3C60E86346E0D8D673B76A9CF2C344C66A5F6E4CE6EFE444385C947224E70E86038306BAD75AE39E22E669D6B4
                                                                                                                                                                                                                                                                Malicious:false
Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
File Type:data
Category:dropped
Size (bytes):211
Entropy (8bit):6.761181684056361
Encrypted:false
Malicious:false
Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
File Type:data
Category:dropped
Size (bytes):75605
Entropy (8bit):7.997413617604422
Encrypted:true
Malicious:false
Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
File Type:data
Category:dropped
Size (bytes):4393
Entropy (8bit):7.957130155343472
Encrypted:false
Malicious:false
Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
File Type:data
Category:dropped
Size (bytes):7291
Entropy (8bit):7.970447813391232
Encrypted:false
Malicious:false
Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
File Type:data
Category:dropped
Size (bytes):11836
Entropy (8bit):7.964933658641629
Encrypted:false
Malicious:false
Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
File Type:data
Category:dropped
Size (bytes):573
Entropy (8bit):7.622954949364455
Encrypted:false
Malicious:false
Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
File Type:data
Category:dropped
Size (bytes):340
Entropy (8bit):7.23770816131282
Encrypted:false
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):1538547
                                                                                                                                                                                                                                                                Entropy (8bit):4.9043874304886055
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:1536:cbaHndUNyN2XLYuCN4MjWCN4Qj5qpwNmvH5Rw+YGvRNpn3DMSMd5i45eRpCvWIOl:BH+NWcw7DEDF4Fts
                                                                                                                                                                                                                                                                MD5:7150F095E7D5945DD2E19ED2B6C80241
                                                                                                                                                                                                                                                                SHA1:0EE04291812F26A1E5313D7D3185EC1F983C67B2
                                                                                                                                                                                                                                                                SHA-256:0DFE0E210E81FD9ADB167B29BFCA78121475AAE30D7ED37FB07E331A02025464
                                                                                                                                                                                                                                                                SHA-512:88A12E3E355F89C6EF5CBC3238D6C909A1C18E10ED6C298B99E2EC929D6F1FACCF649F23C1C302ED9CC175E1985A5370A2EDF40E7813E08E87E3F6F505546902
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="program" name="prg_ais">.. <selection-tree>.. <selection-tree name="ais_security" name_ids="23000" desc_ids="23001">.. <node name="ais_shl_fil" name_ids="20002" desc_ids="20003" />.. <node name="ais_shl_bhv" name_ids="20014" desc_ids="20015" />.. <node name="ais_cmp_avpap" name_ids="21062" desc_ids="21063" />.. <node name="ais_shl_rsw" name_ids="20022" desc_ids="20023" />.. <node name="ais_shl_web" name_ids="20008" desc_ids="20009" />.. <node name="ais_shl_mai" name_ids="20004" desc_ids="20005" />.. <node name="ais_shl_shp" name_ids="20016" desc_ids="20017" />.. <node name="ais_shl_exch" name_ids="20018" desc_ids="20019" />.. <node name="ais_cmp_rdp" name_ids="21064" desc_ids="21065" />.. <node name="ais_cmp_secdns" name_ids="21040" desc_ids=
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):20376
                                                                                                                                                                                                                                                                Entropy (8bit):6.6432717168168365
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:ExaZ9Qmb3KiVm+fAHANIYiWeHAM+o/8E9VF0NycX:EYZ95bhYHrYizAMxkEQ
                                                                                                                                                                                                                                                                MD5:7186713E898292BE3B07DF4FC0C4D5B4
                                                                                                                                                                                                                                                                SHA1:04C02848714CD87DFD49DBB4219929CD1B66B37A
                                                                                                                                                                                                                                                                SHA-256:7F29664315361F0D5C5C537F71D441BB0056756201D7AA6C592BF77E76A2E0C5
                                                                                                                                                                                                                                                                SHA-512:B05C54CFF483C4B90D284F51CA6462ADEFBFDA4401CB3128D74646D0394BEAEEAFE6B28D4E6EEF7FF481F3A3C0CA1EC11383D9EC9D8A98355C98BF138694B0B0
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:Generic INItialization configuration [server0]
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):30252
                                                                                                                                                                                                                                                                Entropy (8bit):5.135271305809882
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G102:Z9otwD4X63hwryPIBWrMYhOv+n8Z4q2
                                                                                                                                                                                                                                                                MD5:328DF5A6F079158F02FA851462750ACC
                                                                                                                                                                                                                                                                SHA1:1BB7FD1E444084571D7654A684FF80C5C44A97F7
                                                                                                                                                                                                                                                                SHA-256:89F57671B7CC33D68B04D22791ED81EB5AF888C22F54E0F0D2E933E62B2931B0
                                                                                                                                                                                                                                                                SHA-512:6B240CD4ED4E89FCF22F65CAC8C944DF66DF7D7D19A85B5288C705E01CBD683F6448836C55C212ADD9EC4B4CAE6BBB4DE0771AE1330683594B5F0E9C8C3B4F40
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:Generic INItialization configuration [server0]
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):30252
                                                                                                                                                                                                                                                                Entropy (8bit):5.135271305809882
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:qUF1L1K1v1u151i1p14191b1i1h1o151i1v1k1V1G1+1H1Y1J181V1u171G102:Z9otwD4X63hwryPIBWrMYhOv+n8Z4q2
                                                                                                                                                                                                                                                                MD5:328DF5A6F079158F02FA851462750ACC
                                                                                                                                                                                                                                                                SHA1:1BB7FD1E444084571D7654A684FF80C5C44A97F7
                                                                                                                                                                                                                                                                SHA-256:89F57671B7CC33D68B04D22791ED81EB5AF888C22F54E0F0D2E933E62B2931B0
                                                                                                                                                                                                                                                                SHA-512:6B240CD4ED4E89FCF22F65CAC8C944DF66DF7D7D19A85B5288C705E01CBD683F6448836C55C212ADD9EC4B4CAE6BBB4DE0771AE1330683594B5F0E9C8C3B4F40
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:[servers]..count=29..RepoID=iavs9x..LatestProgramVersion=167968768..LatestBusinessVersion=167968768..SendStatsFilter=2..SendDropperFilter=8..SendDropperFilter2=8..SendCrashdumpFilter=32..WrcTrafficTo=0..ShepherdUrl=shepherd.ff.avast.com..ProgUpdateConcealHours=168..V6_ProgUpdateConcealHours=168..V7_ProgUpdateConcealHours=168..V8_ProgUpdateConcealHours=168..V9_ProgUpdateConcealHours=168..V10_ProgUpdateConcealHours=168..V5_UpdateScreenElementId_1=16..V6_UpdateScreenElementId_1=16..V7_UpdateScreenElementId_1=16..V8_UpdateScreenElementId_1=16..V9_UpdateScreenElementId_1=16..V10_UpdateScreenElementId_1=16..StrmUpdateCheck=256..DaysBeforeAutoRegister=10..CheckYellow_SoftTrial=15..CheckRed_SoftTrial=11..SoftTrialLength=20..ShowAndroidAd=0..ShowAndroidLanguage=1033,1040,1046,1034,3082,1036,1031,1049,1029,1045,2052,1038,1042,1043,1041..VpsOnlineToaster=1..UpdatesNearExpireToaster=1..ExpToasterTimingReg=30,24,0;29,24,0;28,24,0;27,24,0;26,24,0;25,24,0;24,24,0;23,24,0;22,24,0;21,24,0;20,24,0;19,24
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):2453
                                                                                                                                                                                                                                                                Entropy (8bit):7.912907483278095
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:48:D31oBEs2XRm52nx5ivt4+qThjoZoGhjDh9yiHPkjOaNRoLQk38jFePCen:Bo/ORmknx5Mt4+Go6G1V9f6OQ+QPsn
                                                                                                                                                                                                                                                                MD5:853F70DE2BD1D39E2B6D5AF57647974B
                                                                                                                                                                                                                                                                SHA1:57D29A712F8666A92FF9F2AFC92C7EE7412EDE17
                                                                                                                                                                                                                                                                SHA-256:2A0CA28C5F7AD60154D5A99B32CE14F9B77A8C5FF217627171CFCA20C5AC9CA2
                                                                                                                                                                                                                                                                SHA-512:9DC2373E6C8448728AB2545E4BEE5EDAFE4ADCE28B7E01CDF9D9E9DC4C36DC6F9F74DBFD012EA53B41B26BBCA1702270E60CD5E1F9A29BC31F9835C858916E68
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):4159384
                                                                                                                                                                                                                                                                Entropy (8bit):6.48294011472113
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:98304:sNJsXdVwQll/DRKIymdz69dbrqNeWRPxur:sYwQD/tKHKzUdbrqN
                                                                                                                                                                                                                                                                MD5:99A02B6261B6466FEB3A3AA473E0FA39
                                                                                                                                                                                                                                                                SHA1:C23FC6FDA665C7F972FD4D5E570D8CA0AD5FA939
                                                                                                                                                                                                                                                                SHA-256:FF69D32DD0A916824BD7FFE4B340B08E425AB80FBD94883FCC94508E1366CC8D
                                                                                                                                                                                                                                                                SHA-512:D76D175D56C67398DC4DA898E429FA39521BA4618666071B94D5047CFA3CB901AA1002CA581EE3790531E519E5F5A5BDDDDFA6BDEEC877003C34C2083D1B8739
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):39810
                                                                                                                                                                                                                                                                Entropy (8bit):4.746382031963673
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:KxvwIQL0hCOW9O6uwUYE1wObyQzBS91WoWZ4JH3ZiD+FO2SMYXO:ZVB
                                                                                                                                                                                                                                                                MD5:DE92EEF2373598A2775BDF25FCE19585
                                                                                                                                                                                                                                                                SHA1:C6693DDC5D93F77525D3AB353C31265D5905CF57
                                                                                                                                                                                                                                                                SHA-256:9C1B73C1FE42B957332F3D827D107EE359B695FB82FD8AB4AD0315CC00637CBD
                                                                                                                                                                                                                                                                SHA-512:61AE6D8FA71D49EC82A75B9DF4E69AC93D8D2388A4E11A9FC0FA7FD1BE1F7294BFFE148CCD113F2C82A130C2E9C9FFC6639C52C3A5892DE17FD201744DA07791
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:.<products>.. <product-defs>.. <product name="ais">.. <part-list>.. <part type="setup" name="setup_ais" />.. </part-list>.. </product>.. </product-defs>.. <part-defs>.. <part name="setup_ais" category="fixed" type="setup" versioning="xml/24.1">.. <group-list>.. <group name="instcont_ais" />.. <group name="instup_ais" />.. <group name="setgui_ais" />.. <group name="offertool_ais" />.. <group name="avbugreport_ais" />.. <group name="avdump_x86_ais" />.. <group name="sbr_x86_ais" />.... <group name="instcont_x64_ais" />.. <group name="instup_x64_ais" />.. <group name="setgui_x64_ais" />.. <group name="offertool_x64_ais" />.. <group name="avbugreport_x64_ais" />.. <group name="avdump_x64_ais" />.. <group name="sbr_x64_ais" />.... <group name="instcont_arm64_ais" />.. <group name="instup_arm64_ais" />.. <group name="setgui_arm64_ais" />..
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):15783
                                                                                                                                                                                                                                                                Entropy (8bit):7.988805087311179
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:r4fgrWjbIqePl2UZI3iUUNfzU09EOwhLKHmz1iL+e1L7:Xr769ejXwhxznw7
                                                                                                                                                                                                                                                                MD5:C408FB4BC7CE0E9C9E7DD18BF09619E8
                                                                                                                                                                                                                                                                SHA1:29FC0890910C2AF96396008B3F2E4794E3136CE1
                                                                                                                                                                                                                                                                SHA-256:FAB3B2329B602F9F443567CB75B2BDD57E91C50123390F4B3E36752E18997903
                                                                                                                                                                                                                                                                SHA-512:5AB162D7C9C52C547C25DA71E8F1EDFF28674371CA063AC21BBE0DCEEF289B1FEB22FD59A5398AEA79E0FF3975ECF03D5A69CA425A7DBC529ACB42ADE71300CE
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):30104
                                                                                                                                                                                                                                                                Entropy (8bit):6.810457846941677
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:768:wyxCUKKBcns+DZgqsQAwWvYi6pAMxkEW:woEsxvQ3Wv7Ixq
                                                                                                                                                                                                                                                                MD5:67ADB095EFD9F940F16A7B9105F6FED8
                                                                                                                                                                                                                                                                SHA1:1C29BA752A68D9233DCB0BE7E85735D4ADBF7CB6
                                                                                                                                                                                                                                                                SHA-256:85B441B31EBBB11DEF8B49D52CC268A946D1E8B48BD4AC49EC1FE37AB85A2A1C
                                                                                                                                                                                                                                                                SHA-512:9A85BB5243B7F90A6B43874DA87546B41DCCE4050E9967C3424A7D640635EF54ECB347756967A9FEE79B8CCD40F812D9B3DF57AF91D665F243AFFD47A45620BF
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):16844
                                                                                                                                                                                                                                                                Entropy (8bit):7.988893643135967
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:8HRHoI5sdBLVmrBJFDLDbi0mrs1wbV3gXYE/QcfMJWomGK:GRHF5sDLVmNLDbiq2bFgp/QFJWoDK
                                                                                                                                                                                                                                                                MD5:33B91876562EAB512A99946D2AB1B250
                                                                                                                                                                                                                                                                SHA1:CF76738F6A32985A9E2A8304E88CCEF51699B373
                                                                                                                                                                                                                                                                SHA-256:5B17357093F667242CAE0A263A6232C61BDA86E7B91034C566BD730C64633198
                                                                                                                                                                                                                                                                SHA-512:50614F7D0FCCA2B2B0385C1BD685A509B5F14F80C8504C651B42078D82A4A3569F41D7166CB5B65912F171CD957206878833D400A9CF6E910E651C611704AD3A
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):10863
                                                                                                                                                                                                                                                                Entropy (8bit):7.983283014638828
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:192:VHMgQvf+d+K3kfguxLlk1lPM6EN6ZQ3aX5woR11ZYEzqINMqvYk+jbqq96MBYCFA:VMed+K3kfhu1DEkZQq5pv1Z/eINMSYkB
                                                                                                                                                                                                                                                                MD5:5EFA1250A1D1E9541E46BAABC128D87F
                                                                                                                                                                                                                                                                SHA1:FB04147A53C197EFA6E8279EBB1052AC22F57CBA
                                                                                                                                                                                                                                                                SHA-256:CC42D6B9D209C6A3A87733C5A383CF56B5F5A019D5395725526A1DED711F8A04
                                                                                                                                                                                                                                                                SHA-512:FA1AB6348F477A98C400913480341748E0B1EEA1AF9FA30E90E78C278D3303EA6F742CA2AEA410F923004115E7606139197E2E17C163964015F50B3423C02126
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Process:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                Size (bytes):54220
                                                                                                                                                                                                                                                                Entropy (8bit):5.021834628195106
                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                SSDEEP:384:pvuCUuh77soer9mZAyCH1BBgEJfi4AojvdgJIIrZl9k+Hnl3VYzOPz91qaq7WyG+:pvuCUuh7QJ2sWhYszvuhQfZkv
                                                                                                                                                                                                                                                                MD5:9618E3731215EF958783C2DA6BAD9D12
                                                                                                                                                                                                                                                                SHA1:F2B4372CD1636CFCD85F771249DEF046B1D37C16
                                                                                                                                                                                                                                                                SHA-256:B9D1A9C1F9F919A705F7D32D758FC9C71F9FF275F4D78519BBFF17FC1EF9B698
                                                                                                                                                                                                                                                                SHA-512:A3E9098D0E7ECC5D723DC4041CCBB257EDBA132B9EA526809B0F4EDF84CBF9C76327B0D728A685BBECD6EC04F6B7F69E5B0BA335E8FEB3B7DD1984370185D18C
                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                Preview:<products>.. <product-defs>.. <product name="vps">.. <part-list>.. <part name="vps_windows" type="vps">.... <expand-symbol-alias>.. <src>%VPSPATH%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR32%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <src>%VPSDIR64%</src>.. <dest>%ROPATH%\defs\%VER_VPS_HEX%</dest>.. <type>path</type>.. </expand-symbol-alias>.. <expand-symbol-alias>.. <condition>.. <or-list>.. <file-exists path="%SETUPPATH%\Vps64Reboot.txt" />.. <and-list>.. <or-list>.. <is-operation name="install" />.. <is-operation name="updateProgram" /
                                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                Entropy (8bit):6.389957992551846
                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                File name:_.exe
                                                                                                                                                                                                                                                                File size:263'008 bytes
                                                                                                                                                                                                                                                                MD5:56354f6191810e362bf2ae7b3f6e82b4
                                                                                                                                                                                                                                                                SHA1:98260eb9dbec4ef777939937b4ca797ac336e3ff
                                                                                                                                                                                                                                                                SHA256:95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
                                                                                                                                                                                                                                                                SHA512:fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
                                                                                                                                                                                                                                                                SSDEEP:6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe
                                                                                                                                                                                                                                                                TLSH:624437116D918072E1B61A30E5BCBA719969BFF40B3088DF53B43E2E3F752D29534B26
                                                                                                                                                                                                                                                                Icon Hash:8e133369490d074c
                                                                                                                                                                                                                                                                Entrypoint:0x401020
                                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                Time Stamp:0x63CEB81A [Mon Jan 23 16:38:50 2023 UTC]
                                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                                OS Version Minor:1
                                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                                File Version Minor:1
                                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                                                                                                                                Import Hash:959a6730bc071cd048c8e4c56109bff6
                                                                                                                                                                                                                                                                Signature Valid:true
                                                                                                                                                                                                                                                                Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                Error Number:0
                                                                                                                                                                                                                                                                Not Before, Not After
                                                                                                                                                                                                                                                                • 16/01/2023 00:00:00 15/01/2026 23:59:59
                                                                                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                                                                                • CN=Avast Software s.r.o., O=Avast Software s.r.o., L=Praha, C=CZ
                                                                                                                                                                                                                                                                Version:3
                                                                                                                                                                                                                                                                Thumbprint MD5:88F0356B1045C86B3BE429E369E41C0B
                                                                                                                                                                                                                                                                Thumbprint SHA-1:22C7A21648690E1B610F1E964AFB3044EAE24335
                                                                                                                                                                                                                                                                Thumbprint SHA-256:8C5E3683E3D73A2E9C9452FC91757931A5333EAE9670BAF00874D3C8D6D6A52A
                                                                                                                                                                                                                                                                Serial:015A6BEC4D7F549FE525C852DF670E13
                                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                                push esi
                                                                                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                                                                                push 00000001h
                                                                                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                                                                                call dword ptr [004230F4h]
                                                                                                                                                                                                                                                                push 0042358Ch
                                                                                                                                                                                                                                                                call dword ptr [00423104h]
                                                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                                                je 00007F8CC0948B07h
                                                                                                                                                                                                                                                                push 004235A8h
                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                call dword ptr [00423244h]
                                                                                                                                                                                                                                                                mov esi, eax
                                                                                                                                                                                                                                                                test esi, esi
                                                                                                                                                                                                                                                                je 00007F8CC0948AF5h
                                                                                                                                                                                                                                                                push 00000800h
                                                                                                                                                                                                                                                                mov ecx, esi
                                                                                                                                                                                                                                                                call dword ptr [004232E0h]
                                                                                                                                                                                                                                                                call esi
                                                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                                                jne 00007F8CC0948B21h
                                                                                                                                                                                                                                                                push 004235C4h
                                                                                                                                                                                                                                                                call dword ptr [0042310Ch]
                                                                                                                                                                                                                                                                push 004235C8h
                                                                                                                                                                                                                                                                call dword ptr [00423104h]
                                                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                                                je 00007F8CC0948B07h
                                                                                                                                                                                                                                                                push 004235DCh
                                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                                call dword ptr [00423244h]
                                                                                                                                                                                                                                                                mov esi, eax
                                                                                                                                                                                                                                                                test esi, esi
                                                                                                                                                                                                                                                                je 00007F8CC0948AF5h
                                                                                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                                                                                push 00401100h
                                                                                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                                                                                mov ecx, esi
                                                                                                                                                                                                                                                                call dword ptr [004232E0h]
                                                                                                                                                                                                                                                                call esi
                                                                                                                                                                                                                                                                push 0000000Ah
                                                                                                                                                                                                                                                                call dword ptr [004230FCh]
                                                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                                                jne 00007F8CC0948AFAh
                                                                                                                                                                                                                                                                push 00002777h
                                                                                                                                                                                                                                                                call 00007F8CC094B57Dh
                                                                                                                                                                                                                                                                add esp, 04h
                                                                                                                                                                                                                                                                push C000001Dh
                                                                                                                                                                                                                                                                call dword ptr [004230F8h]
                                                                                                                                                                                                                                                                call 00007F8CC094F7DAh
                                                                                                                                                                                                                                                                cmp eax, 05010300h
                                                                                                                                                                                                                                                                jnc 00007F8CC0948AFAh
                                                                                                                                                                                                                                                                push 00002778h
                                                                                                                                                                                                                                                                call 00007F8CC094B559h
                                                                                                                                                                                                                                                                add esp, 04h
                                                                                                                                                                                                                                                                push 0000047Eh
                                                                                                                                                                                                                                                                call dword ptr [000030F8h]
                                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                                • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                • [C++] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bf84 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x30000 | 0xf4d8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3da48 | 0x2918 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x40000 | 0x1c80 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2a520 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2a590 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x24d10 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x2e0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bd04 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2145a | 0x21600 | 370ee253fc8146c36ca9b12a74af91ed | False | 0.54679453417603 | data | 6.5532731117778225 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x23000 | 0x9fd2 | 0xa000 | 24db5492fdf89397851c9d0b948482ac | False | 0.4925048828125 | data | 5.431980891966803 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2d000 | 0x15b0 | 0xa00 | 0c407ebd06ff7436a4b754cec6ca97e1 | False | 0.20546875 | data | 2.7861505697012516 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x2f000 | 0x4c | 0x200 | 3112630ed2e31c524176213599dd40c8 | False | 0.111328125 | data | 0.6785400916183222 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x30000 | 0xf4d8 | 0xf600 | 170780d1bda493aad732cc3f77bf30ef | False | 0.3507685467479675 | data | 4.953173562537787 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x40000 | 0x1c80 | 0x1e00 | f409bc772694993d3c8a897696e8c65d | False | 0.76875 | data | 6.5256082906691395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x30798 | 0x5d9 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.9926519706078825
PNG | 0x30d78 | 0x6e2 | PNG image data, 420 x 150, 8-bit colormap, non-interlaced | English | United States | 0.8671963677639046
RT_ICON | 0x31460 | 0x2140 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9937734962406015
RT_ICON | 0x335a0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.12659423712801135
RT_ICON | 0x377c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.19387966804979254
RT_ICON | 0x39d70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2319418386491557
RT_ICON | 0x3ae18 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.41400709219858156
RT_STRING | 0x3b280 | 0x74 | Matlab v4 mat-file (little endian) v, numeric, rows 0, columns 0 | English | United States | 0.5086206896551724
RT_STRING | 0x3b2f8 | 0x160 | data | English | United States | 0.4914772727272727
RT_STRING | 0x3b458 | 0x48 | data | English | United States | 0.6388888888888888
RT_STRING | 0x3b4a0 | 0x2b6 | data | English | United States | 0.18011527377521613
RT_STRING | 0x3b758 | 0x4a | data | English | United States | 0.6486486486486487
RT_STRING | 0x3b7a8 | 0x50 | data | French | France | 0.65
RT_STRING | 0x3b7f8 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487
RT_STRING | 0x3b848 | 0x4a | data | Russian | Russia | 0.6486486486486487
RT_STRING | 0x3b898 | 0x4a | data | | | 0.6486486486486487
RT_STRING | 0x3b8e8 | 0x48 | data | English | United States | 0.6388888888888888
RT_STRING | 0x3b930 | 0x48 | data | French | France | 0.6388888888888888
RT_STRING | 0x3b978 | 0x48 | data | Portuguese | Brazil | 0.6388888888888888
RT_STRING | 0x3b9c0 | 0x48 | data | Russian | Russia | 0.6388888888888888
RT_STRING | 0x3ba08 | 0x48 | data | | | 0.6388888888888888
RT_STRING | 0x3ba50 | 0x82 | data | English | United States | 0.6230769230769231
RT_STRING | 0x3bad8 | 0x64 | data | French | France | 0.61
RT_STRING | 0x3bb40 | 0x5e | data | Portuguese | Brazil | 0.5851063829787234
RT_STRING | 0x3bba0 | 0x5e | data | Russian | Russia | 0.5851063829787234
RT_STRING | 0x3bc00 | 0x5e | data | | | 0.5851063829787234
RT_STRING | 0x3bc60 | 0xa4 | data | English | United States | 0.4817073170731707
RT_STRING | 0x3bd08 | 0x5c | data | French | France | 0.5543478260869565
RT_STRING | 0x3bd68 | 0x5c | data | Portuguese | Brazil | 0.5543478260869565
RT_STRING | 0x3bdc8 | 0x5c | data | Russian | Russia | 0.5543478260869565
RT_STRING | 0x3be28 | 0x5c | data | | | 0.5543478260869565
RT_STRING | 0x3be88 | 0xc0 | data | English | United States | 0.5833333333333334
RT_STRING | 0x3bf48 | 0x50 | data | French | France | 0.6625
RT_STRING | 0x3bf98 | 0x4a | data | Portuguese | Brazil | 0.6486486486486487
RT_STRING | 0x3bfe8 | 0x4a | data | Russian | Russia | 0.6486486486486487
RT_STRING | 0x3c038 | 0x4a | data | | | 0.6486486486486487
RT_STRING | 0x3c088 | 0x160 | data | English | United States | 0.32670454545454547
RT_STRING | 0x3c1e8 | 0x5c | data | French | France | 0.5543478260869565
RT_STRING | 0x3c248 | 0x5c | data | Portuguese | Brazil | 0.5543478260869565
RT_STRING | 0x3c2a8 | 0x5c | data | Russian | Russia | 0.5543478260869565
RT_STRING | 0x3c308 | 0x5c | data | | | 0.5543478260869565
RT_STRING | 0x3c368 | 0x75c | data | English | United States | 0.31210191082802546
RT_STRING | 0x3cac8 | 0x944 | data | French | France | 0.3048060708263069
RT_STRING | 0x3d410 | 0x86e | data | Portuguese | Brazil | 0.30537534754402224
RT_STRING | 0x3dc80 | 0x806 | data | Russian | Russia | 0.3476144109055501
RT_STRING | 0x3e488 | 0x8b8 | data | | | 0.2979390681003584
RT_RCDATA | 0x3ed40 | 0x15 | ASCII text, with no line terminators | English | United States | 1.380952380952381
RT_GROUP_ICON | 0x3ed58 | 0x4c | data | English | United States | 0.7894736842105263
RT_VERSION | 0x3eda8 | 0x2f8 | data | English | United States | 0.4723684210526316
RT_MANIFEST | 0x3f0a0 | 0x437 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1019), with CRLF line terminators | English | United States | 0.5041705282669138
DLL | Import
KERNEL32.dll | SetLastError, Sleep, GetFileSizeEx, WriteFile, SetEndOfFile, SetFilePointerEx, LocalFree, CloseHandle, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, EnumResourceNamesW, GetWindowsDirectoryW, CreateDirectoryW, CreateFileW, CreateThread, GetSystemTimeAsFileTime, GetNativeSystemInfo, lstrcatA, lstrlenA, GetVersionExA, GetCurrentProcess, GetExitCodeProcess, ResumeThread, ReleaseMutex, WaitForSingleObject, CreateMutexW, CreateProcessW, GetPrivateProfileIntW, GetPrivateProfileStringW, GetDiskFreeSpaceExW, CopyFileW, MoveFileExW, CreateHardLinkW, HeapAlloc, GetProcessHeap, HeapSetInformation, ExitProcess, IsProcessorFeaturePresent, lstrcpyW, GetModuleHandleW, GetSystemDirectoryW, SetDllDirectoryW, InterlockedExchange, LockResource, WriteConsoleW, FlushFileBuffers, GetConsoleMode, GetConsoleCP, SetStdHandle, LCMapStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, IsValidCodePage, FindNextFileW, GetLastError, HeapFree, InterlockedExchangeAdd, GetVersionExW, FindResourceW, LoadLibraryW, SizeofResource, LoadResource, GlobalFree, GlobalUnlock, GlobalLock, FindFirstFileExW, FindClose, GlobalAlloc, FreeLibrary, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, DecodePointer, GetVersion, HeapDestroy, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, DeviceIoControl, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, MultiByteToWideChar, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, TerminateProcess, OutputDebugStringW, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetCommandLineA, GetCommandLineW, GetStdHandle, GetModuleFileNameW, GetModuleHandleExW, GetACP, GetStringTypeW, GetFileType, GetProcAddress
USER32.dll | GetMessageW, TranslateMessage, DispatchMessageW, AllowSetForegroundWindow, PostMessageW, wsprintfA, LoadStringW, MessageBoxExW, wsprintfW, SystemParametersInfoW, IsDialogMessageW, LoadImageW, DestroyIcon, FindWindowW, FillRect, InvalidateRect, EndPaint, BeginPaint, ReleaseDC, GetDC, SetForegroundWindow, GetSystemMetrics, KillTimer, SetTimer, SetFocus, SetWindowPos, DestroyWindow, CreateWindowExW, RegisterClassExW, PostQuitMessage, DefWindowProcW, SendMessageW
GDI32.dll | GetTextExtentPoint32W, GetObjectW, CreateDIBSection, SelectObject, CreateFontIndirectW, DeleteObject, CreateSolidBrush, CreatePatternBrush
ADVAPI32.dll | CryptDestroyHash, CryptHashData, CryptCreateHash, CryptGenRandom, CryptGetHashParam, CryptReleaseContext, CryptAcquireContextA, GetSidSubAuthorityCount, GetSidSubAuthority, IsValidSid, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorA
ole32.dll | CoCreateInstance, CreateStreamOnHGlobal, CoInitializeEx
COMCTL32.dll |
Language of compilation system | Country where language is spoken
English | United States
French | France
Portuguese | Brazil
Russian | Russia
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.318125010 CET4434973734.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.318243980 CET49737443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.319370031 CET49737443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.319399118 CET4434973734.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.319674015 CET4434973734.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.323266029 CET49737443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.323288918 CET49736443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.323345900 CET49737443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.323357105 CET4434973734.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.323384047 CET49736443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.323416948 CET4434973634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.440212965 CET4434973634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.440306902 CET4434973634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.440502882 CET49736443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.440502882 CET49736443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.440502882 CET49736443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.542476892 CET4434973734.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.542567015 CET4434973734.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.542845011 CET49737443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.542916059 CET49737443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.542932987 CET4434973734.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.542957067 CET49737443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.542963028 CET4434973734.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.750763893 CET49736443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:12.750797033 CET4434973634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:14.862927914 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:14.862967014 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:14.863111019 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:14.864537001 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:14.864556074 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.085719109 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.085793972 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.087344885 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.087354898 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.087846041 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.141415119 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.176197052 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.176386118 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.176425934 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.324229956 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.324326038 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.324359894 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.324378967 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.324390888 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.324512959 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.327353954 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.336435080 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.336476088 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.336499929 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.336508989 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.336550951 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.340523958 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.346569061 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.346618891 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.346632957 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.353677988 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.353714943 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.353727102 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.353737116 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.353780031 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.426242113 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.429570913 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.429606915 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.429614067 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.429624081 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.429677010 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.436697006 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.443841934 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.443882942 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.443893909 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.450984001 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.451025963 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.451035023 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458148956 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458195925 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458204031 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458246946 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458291054 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458395004 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458404064 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458426952 CET49740443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:15.458431959 CET4434974034.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:38.224261999 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:38.224294901 CET4434976134.160.176.28192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:38.224345922 CET49761443192.168.2.434.160.176.28
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.648684978 CET49766443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.648699999 CET4434976634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.862473011 CET4434976634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.862684011 CET4434976634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.862984896 CET49766443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.863384962 CET49766443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.863384962 CET49766443192.168.2.434.117.223.223
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.863396883 CET4434976634.117.223.223192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:56:42.863421917 CET4434976634.117.223.223192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.100298882 CET53618938.8.8.8192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.101747990 CET53616328.8.8.8192.168.2.4
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.512118101 CET6163353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.630739927 CET53616331.1.1.1192.168.2.4
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.504561901 CET192.168.2.48.8.8.80x388dStandard query (0)v7event.stats.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.998151064 CET192.168.2.48.8.8.80xb307Standard query (0)v7event.stats.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.999478102 CET192.168.2.48.8.8.80x6abStandard query (0)v7event.stats.avast.com28IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.512118101 CET192.168.2.41.1.1.10xf595Standard query (0)v7event.stats.avast.comA (IP address)IN (0x0001)false
Timestamp  Source IP  Dest IP  Trans ID  Reply Code  Name  CName  Address  Type  Class  DNS over HTTPS
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.423861027 CET8.8.8.8192.168.2.40x7019No error (0)b8003600.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.424793959 CET8.8.8.8192.168.2.40x5401No error (0)b8003600.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.425621986 CET8.8.8.8192.168.2.40x2bf0No error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.426820040 CET8.8.8.8192.168.2.40xb5e4No error (0)l4691727.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.428105116 CET8.8.8.8192.168.2.40xa7e7No error (0)l4691727.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.431180954 CET8.8.8.8192.168.2.40x3332No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.432410002 CET8.8.8.8192.168.2.40xb260No error (0)s-vps18tiny.avcdn.netfallbackupdates.avcdn.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.434221029 CET8.8.8.8192.168.2.40x1ae5No error (0)t1024579.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.446436882 CET8.8.8.8192.168.2.40xafc4No error (0)t1024579.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.447590113 CET8.8.8.8192.168.2.40xb5c3No error (0)r4427608.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.452488899 CET8.8.8.8192.168.2.40xb5e7No error (0)r4427608.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:36.604473114 CET8.8.8.8192.168.2.40x8444No error (0)h4444966.vps18tiny.u.avcdn.netu4.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:38.191773891 CET1.1.1.1192.168.2.40x7444No error (0)shepherd.ff.avast.comshepherd-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.606431007 CET8.8.8.8192.168.2.40xce06No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.606431007 CET8.8.8.8192.168.2.40xce06No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.606431007 CET8.8.8.8192.168.2.40xce06No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.607573986 CET8.8.8.8192.168.2.40x388dNo error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.607573986 CET8.8.8.8192.168.2.40x388dNo error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:42.607573986 CET8.8.8.8192.168.2.40x388dNo error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.100298882 CET8.8.8.8192.168.2.40xb307No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.100298882 CET8.8.8.8192.168.2.40xb307No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.101747990 CET8.8.8.8192.168.2.40x6abNo error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.101747990 CET8.8.8.8192.168.2.40x6abNo error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.630739927 CET1.1.1.1192.168.2.40xf595No error (0)v7event.stats.avast.comanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.630739927 CET1.1.1.1192.168.2.40xf595No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                Feb 6, 2024 10:55:43.630739927 CET1.1.1.1192.168.2.40xf595No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
• analytics.avcdn.net
• v7event.stats.avast.com
• shepherd.ff.avast.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 34.117.223.223 | 80 | 6652 | C:\Users\user\Desktop\_.exe

Timestamp | Bytes transferred | Direction | Data
Feb 6, 2024 10:55:07.774519920 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 267
Host: v7event.stats.avast.com
Feb 6, 2024 10:55:07.774599075 CET | 267 | OUT | Data Ascii: cookie=mmm_ava_tst_007_402_aedition=1event=microstub-startmidex=3F5C7CD44D1F6AC769934CADA267B4DFB4F487972F61D91B3CE43220F7F7994Bstat_session=0e40ef31-a29c-4f55-a521-dfde990cdf4cstatsSendTime=1707213307os=win,10,0,2,19045,0,AMD64exe_vers
Feb 6, 2024 10:55:07.893449068 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 06 Feb 2024 09:55:07 GMT
Via: 1.1 google
Feb 6, 2024 10:55:09.570056915 CET | 177 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 281
Host: v7event.stats.avast.com
Feb 6, 2024 10:55:09.570056915 CET | 281 | OUT | Data Ascii: cookie=mmm_ava_tst_007_402_aedition=1event=microstub-downloadmidex=3F5C7CD44D1F6AC769934CADA267B4DFB4F487972F61D91B3CE43220F7F7994Bstat_session=0e40ef31-a29c-4f55-a521-dfde990cdf4cstatsSendTime=1707213309os=win,10,0,2,19045,0,AMD64exe_v
Feb 6, 2024 10:55:09.686521053 CET | 96 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 06 Feb 2024 09:55:09 GMT
Via: 1.1 google


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 34.117.223.223 | 443 | 6128 | C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-06 09:55:12 UTC | 175 | OUT | POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 602
Host: analytics.avcdn.net
2024-02-06 09:55:12 UTC | 602 | OUT | Data Ascii: {"record":[{"event":{"subtype":1,"time":1707218287950,"type":70},"identity":{"guid":"5bf0bbc6-f154-44e8-883f-307796c9b152","hwid":"3F5C7CD44D1F6AC769934CADA267B4DFB4F487972F61D91B3CE43220F7F7994B"},"installation":{"aiid":"mmm_ava_tst_007_402_a"},"instup":
2024-02-06 09:55:12 UTC | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Feb 2024 09:55:12 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-02-06 09:55:12 UTC | 19 | IN | Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49736 | 34.117.223.223 | 443 | 6128 | C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-06 09:55:12 UTC | 217 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 39q45MsU+/KgKqYb7RGnmA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com
2024-02-06 09:55:12 UTC | 391 | OUT | Data Ascii:
SfxCreated=1707213307
SfxName=avast_free_antivirus_setup_online_x64.exe
SfxSize=10700528
SfxVersion=24.1.8821.0
cookie=mmm_ava_tst_007_402_a
edition=1
event=stub
guid=5bf0bbc6-f154-44e8-883f-307796c9b152
midex=3f5c7cd44d1f6ac769934cada267b4dfb4f487972f61d
2024-02-06 09:55:12 UTC | 172 | IN | HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 06 Feb 2024 09:55:12 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 34.160.176.28 | 443 | 7296 | C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-06 09:55:15 UTC | 171 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 271
2024-02-06 09:55:15 UTC | 271 | OUT | Data Ascii:
data=CAAQ%2F%2F%2F%2F%2Fw8Y%2F%2F%2F%2F%2Fw8g%2F%2F%2F%2F%2Fw8qFW1tbV9hdmFfdHN0XzAwN180MDJfYWICCgCIAQDKAyQ1YmYwYmJjNi1mMTU0LTQ0ZTgtODgzZi0zMDc3OTZjOWIxNTLyAwQ4MTkxgglAM0Y1QzdDRDQ0RDFGNkFDNzY5OTM0Q0FEQTI2N0I0REZCNEY0ODc5NzJGNjFEOTFCM0NFNDMyMjBGN0Y3OTk0QtoT
2024-02-06 09:55:15 UTC | 1517 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Feb 2024 09:55:15 GMT
Content-Type: text/plain
Content-Length: 29413
AB-Tests: 9c39bb00-0319-40bf-b991-5c9ed9d0a85b:C,oa-7466-v0:b,oa-7675:c,oa-7794-fake:b
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 5
Config-Name: Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_version-18.6-and-higher_production_quic-sni-block-release-stage-2_v2017_hns-pre-scan-enabled-countries_noomnianda1_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_ipm_6513_open_ui_c_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-ffe18673c106c819ec17dd8acd7625b568abfa3f2cf21e74f6b78ebd7601ce12
Config-Version: 4890
Segments: websocket testing,ipm_6363_chrome_offer_setup_free,free,production new installs,version 18.6 and higher,production,quic sni block release stage 2,v2017,hns pre-scan enabled countries,noomnianda1,phone support tile,avast 18 r7 and 18 r8,fs and idp integration,cef settings off,opening browser onboarding,old smartscan,ipm_6513_open_ui_c,test akamai,test pam no master password,v18.5 and higher,cleanup premium installation,release - iavs9x only,version 19.1 and older
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
Connection: close
2024-02-06 09:55:15 UTC | 720 | IN | Data Ascii:
[RemoteAccessShield.Setting]
BruteForceMaxAttemptsPerDay=60
BruteForceMaxAttemptsPerHour=40
BruteForceMaxAttemptsPerMinute=30
BruteForceMaxAttemptsPerTenSeconds=12
[BreachGuard]
Enabled=0
[WebShield.WebSocket]
Enabled=1
[Settings.UserInterface]
2024-02-06 09:55:15 UTC | 1252 | IN | Data Ascii:
g]
AvastProcessesWprCaptureInterval=0
[Components]
ais_cmp_fw=2
ais_cmp_sfzone=3
ais_shl_spm=3
[GrimeFighter]
info2_licensed_period=3600
info2_unlicensed_period=3600
LicensedClean=1
UseGF1License=1
[StreamFilter.HttpPlugin]
ATBlockQuic=0
ATIn
2024-02-06 09:55:15 UTC | 1252 | IN | Data Ascii:
actions_Enabled=1
GameRule_DisableAvNotifications_Enabled=1
GameRule_DisableDrawOverWindow_Enabled=0
GameRule_DisableWindowsNotifications_Enabled=1
GameRule_DisableWinUpdateAutoReboot_Enabled=1
GameRule_EnableAutoDetections_Enabled=1
GameRule_KeepGa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49761 | 34.160.176.28 | 443 | 7808 | C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-06 09:55:38 UTC | 171 | OUT | POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 223
2024-02-06 09:55:38 UTC | 223 | OUT | Data Ascii:
data=CAAQGBgBINMvKhVtbW1fYXZhX3RzdF8wMDdfNDAyX2FiAgoAiAEAygMkNWJmMGJiYzYtZjE1NC00NGU4LTg4M2YtMzA3Nzk2YzliMTUy8gMEODE5MYIJQDNGNUM3Q0Q0NEQxRjZBQzc2OTkzNENBREEyNjdCNERGQjRGNDg3OTcyRjYxRDkxQjNDRTQzMjIwRjdGNzk5NELaEwZpYXZzOXg%3D
2024-02-06 09:55:38 UTC | 3195 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Tue, 06 Feb 2024 09:55:38 GMT
                                                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                                                Content-Length: 32787
                                                                                                                                                                                                                                                                AB-Tests: 19fa92d7-cec3-489b-9f86-f88a9780902e:A,2a38b33e-2944-40ef-a1df-c417feb3f742:B,9c39bb00-0319-40bf-b991-5c9ed9d0a85b:C,oa-7466-v0:b,oa-7675:c,oa-7794-fake:b
                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                                                                                                                                Config-Id: 5
                                                                                                                                                                                                                                                                Config-Name: Avast-Windows-AV-Consumer_websocket-testing_email-signatures_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_web-purchase---autoactivation_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_version-18.6-and-higher_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release-stage-2_quic-on_versions--22.1-and-higher_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_hns-pre-scan-enabled-countries_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_noomnianda1_smartscanfreetrail_smartscan-free---antivirus---win10---ab-test_aosstorelink_enableddwm_enablehns3_performator_phone-support-tile_avast-forrelease-24.1_version-20.1-plus_fs-and-idp-integration_cef-72.3_v19.1-and-higher-off_opening-browser-onboarding_smartscan-free---antivirus---win10_opm_burger_tracking_limitation_multidetection_ipm_6515_6516_vps_sites_test_b_ipm_5258_campaign_toaster_reach_test_a_ipm_6513_open_ui_c_a1-migration-button_test-akamai_test-pam-no-master-password_v18.5-and-higher_installation-telemetry_cleanup-premium-installation_release---iavs9x-only_newuninstallsurvey-058da32de127186bc150775d72021f29bb81ce76bac1fe982e7e9809941a24e6
                                                                                                                                                                                                                                                                Config-Version: 4890
                                                                                                                                                                                                                                                                Segments: websocket testing,email signatures,ipm_6363_chrome_offer_setup_free,asb and chrome since 21.2,version 23.2 and higher not in fr de,free,production new installs,disabled aos sideloading,web purchase - autoactivation,webshield tls processes - release,v19.1 and higher free,ipm_4932_opm_pus_fullscale,version 18.6 and higher,production,webshield.quic.block - fraction test setup,quic sni block release stage 2,quic on,versions 22.1 and higher,previous version,ipm bau v23.1 and higher,version 20.5 and higher,useopenidwebauth,v2017,globalflags - streamproduction ,devicewatcheron,hns pre-scan enabled countries,version 20.9 and higher,pups in avast rollout,winre bts,noomnianda1,smartscanfreetrail,smartscan free - antivirus - win10 - ab test,aosstorelink,enableddwm,enablehns3,performator,phone support tile,avast forrelease 24.1,version 20.1 plus,fs and idp integration,cef 72.3,v19.1 and higher off,opening browser onboarding,smartscan free - antivirus - win10,opm_burger_tracking_limitation,multidetection,ipm_6515_6516_vps_sites_test_b,ipm_5258_campaign_toaster_reach_test_a,ipm_6513_open_ui_c,a1 migration button,test akamai,test pam no master password,v18.5 and higher,installation telemetry,cleanup premium installation,release - iavs9x only,newuninstallsurvey
                                                                                                                                                                                                                                                                TTL: 86400
                                                                                                                                                                                                                                                                TTL-Spread: 43200
                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                Alt-Svc: clear
                                                                                                                                                                                                                                                                Connection: close
2024-02-06 09:55:38 UTC | 1252 | IN
                                                                                                                                                                                                                                                                Data Ascii: [RemoteAccessShield.Setting]BruteForceMaxAttemptsPerDay=60BruteForceMaxAttemptsPerHour=40BruteForceMaxAttemptsPerMinute=30BruteForceMaxAttemptsPerTenSeconds=12[BreachGuard]Enabled=0[WebShield.WebSocket]Enabled=1[Settings.UserInterface]
2024-02-06 09:55:38 UTC | 1252 | IN
                                                                                                                                                                                                                                                                Data Ascii: com,rtbf.be,formula1.com,weather.com,outlook.live.com,asana.com,prosperitybankusa.com,telefonica.de,ccleaner.com,piriform.com,avast.com,avg.com,facebook.com,booking.com,google.comATSkippedInjExt=-ATSkippedObsExt=-AvastInfoCartRequestUrls=https://che


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49762 | 34.117.223.223 | 443 | 7808 | C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-06 09:55:43 UTC | 175 | OUT | POST /v4/receive/json/70 HTTP/1.1
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                User-Agent: Avast SimpleHttp/3.0
                                                                                                                                                                                                                                                                Content-Length: 492
                                                                                                                                                                                                                                                                Host: analytics.avcdn.net
2024-02-06 09:55:43 UTC | 492 | OUT
                                                                                                                                                                                                                                                                Data Ascii: {"record":[{"event":{"subtype":2,"time":1707218319535,"type":70},"identity":{"guid":"5bf0bbc6-f154-44e8-883f-307796c9b152","hwid":"3F5C7CD44D1F6AC769934CADA267B4DFB4F487972F61D91B3CE43220F7F7994B"},"installation":{"aiid":"mmm_ava_tst_007_402_a"},"instup":
2024-02-06 09:55:43 UTC | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Tue, 06 Feb 2024 09:55:43 GMT
                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                Content-Length: 19
                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                Connection: close
2024-02-06 09:55:43 UTC | 19 | IN
                                                                                                                                                                                                                                                                Data Ascii: {"processed": true}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49763 | 34.117.223.223 | 443 | 7808 | C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-06 09:55:43 UTC | 202 | OUT | POST /cgi-bin/iavsevents.cgi HTTP/1.1
                                                                                                                                                                                                                                                                Host: v7event.stats.avast.com
                                                                                                                                                                                                                                                                User-Agent: avast! Antivirus
                                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                                Content-MD5: ZkEDAGWzyqv2WmrG5W6YTg==
                                                                                                                                                                                                                                                                Content-Type: iavs4/stats
                                                                                                                                                                                                                                                                Content-Length: 326
2024-02-06 09:55:43 UTC | 326 | OUT | Data Ascii:
InstupVersion=24.1.8821.0
cookie=mmm_ava_tst_007_402_a
edition=1
event=install_intro
guid=5bf0bbc6-f154-44e8-883f-307796c9b152
midex=3f5c7cd44d1f6ac769934cada267b4dfb4f487972f61d91b3ce43220f7f7994b
operation=2
os=win,10,0,2,19045,0,AMD64
stat_session=0e40
2024-02-06 09:55:44 UTC | 172 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Tue, 06 Feb 2024 09:55:44 GMT
                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49766 | 34.117.223.223 | 443 | 7808 | C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-06 09:56:42 UTC | 188 | OUT | POST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                                                Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                                                                                                User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                Content-Length: 544
                                                                                                                                                                                                                                                                Host: analytics.avcdn.net
2024-02-06 09:56:42 UTC | 544 | OUT | Data Raw: gzip-encoded request body (binary, not shown)
2024-02-06 09:56:42 UTC | 255 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                Server: nginx
                                                                                                                                                                                                                                                                Date: Tue, 06 Feb 2024 09:56:42 GMT
                                                                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                Content-Length: 24
                                                                                                                                                                                                                                                                X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                Via: 1.1 google
                                                                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                Connection: close
2024-02-06 09:56:42 UTC | 24 | IN | Data Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                                Start time:10:55:06
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\_.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:C:\Users\user\Desktop\_.exe
                                                                                                                                                                                                                                                                Imagebase:0x300000
                                                                                                                                                                                                                                                                File size:263'008 bytes
                                                                                                                                                                                                                                                                MD5 hash:56354F6191810E362BF2AE7B3F6E82B4
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                                                                Start time:10:55:09
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Temp\asw.75bd35e031d85f83\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83
                                                                                                                                                                                                                                                                Imagebase:0x7ff6c78c0000
                                                                                                                                                                                                                                                                File size:10'700'528 bytes
                                                                                                                                                                                                                                                                MD5 hash:3BA1265F701C2D4A6EDEC89270D18B2F
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                                                Start time:10:55:13
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\Temp\asw.c8e10c29a108e125\Instup.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Temp\asw.c8e10c29a108e125\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83
                                                                                                                                                                                                                                                                Imagebase:0x7ff670780000
                                                                                                                                                                                                                                                                File size:3'889'096 bytes
                                                                                                                                                                                                                                                                MD5 hash:CA4A5F3F1AADF421F89C19505055C7A9
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                Target ID:7
                                                                                                                                                                                                                                                                Start time:10:55:34
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.c8e10c29a108e125 /edition:1 /prod:ais /stub_mapping_guid:acd5ab4f-8662-40ed-954e-6ce75457b438:10700528 /guid:5bf0bbc6-f154-44e8-883f-307796c9b152 /ga_clientid:0e40ef31-a29c-4f55-a521-dfde990cdf4c /cookie:mmm_ava_tst_007_402_a /edat_dir:C:\Windows\Temp\asw.75bd35e031d85f83 /online_installer
                                                                                                                                                                                                                                                                Imagebase:0x7ff684c90000
                                                                                                                                                                                                                                                                File size:3'889'096 bytes
                                                                                                                                                                                                                                                                MD5 hash:CA4A5F3F1AADF421F89C19505055C7A9
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                                                                Start time:10:55:43
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkGToolbar -elevated
                                                                                                                                                                                                                                                                Imagebase:0x600000
                                                                                                                                                                                                                                                                File size:2'407'880 bytes
                                                                                                                                                                                                                                                                MD5 hash:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                                Start time:10:55:43
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" /check_secure_browser
                                                                                                                                                                                                                                                                Imagebase:0x600000
                                                                                                                                                                                                                                                                File size:2'407'880 bytes
                                                                                                                                                                                                                                                                MD5 hash:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                                                Start time:10:55:43
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkChrome -elevated
                                                                                                                                                                                                                                                                Imagebase:0x600000
                                                                                                                                                                                                                                                                File size:2'407'880 bytes
                                                                                                                                                                                                                                                                MD5 hash:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                                                Start time:10:55:43
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:"C:\Windows\Temp\asw.c8e10c29a108e125\New_180117d3\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
                                                                                                                                                                                                                                                                Imagebase:0x600000
                                                                                                                                                                                                                                                                File size:2'407'880 bytes
                                                                                                                                                                                                                                                                MD5 hash:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                                                Start time:10:55:44
                                                                                                                                                                                                                                                                Start date:06/02/2024
                                                                                                                                                                                                                                                                Path:C:\Users\Public\Documents\aswOfferTool.exe
                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                Commandline:"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
                                                                                                                                                                                                                                                                Imagebase:0x2a0000
                                                                                                                                                                                                                                                                File size:2'407'880 bytes
                                                                                                                                                                                                                                                                MD5 hash:7367CD4766242EA02249545D42987681
                                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                  Execution Coverage:10.9%
                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                  Signature Coverage:17.5%
                                                                                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                                                                                  Total number of Limit Nodes:42
18392 320902 18385->18392 18388 320820 18387->18388 18407 32084f 18388->18407 18390 320842 __onexit 18390->18379 18391->18383 18393 31b584 26 API calls 18392->18393 18396 320912 18393->18396 18394 320918 18410 31b4f3 18394->18410 18396->18394 18398 31b584 26 API calls 18396->18398 18406 32094a 18396->18406 18400 320941 18398->18400 18399 31b584 26 API calls 18401 320956 CloseHandle 18399->18401 18404 31b584 26 API calls 18400->18404 18401->18394 18405 320962 GetLastError 18401->18405 18402 314ed8 __dosmaperr 20 API calls 18403 320992 18402->18403 18403->18388 18404->18406 18405->18394 18406->18394 18406->18399 18419 31b4d0 LeaveCriticalSection 18407->18419 18409 320859 18409->18390 18411 31b502 18410->18411 18412 31b569 18410->18412 18411->18412 18418 31b52c 18411->18418 18413 314f0e _free 20 API calls 18412->18413 18414 31b56e 18413->18414 18415 314efb __dosmaperr 20 API calls 18414->18415 18416 31b559 18415->18416 18416->18402 18416->18403 18417 31b553 SetStdHandle 18417->18416 18418->18416 18418->18417 18419->18409 18420->18175 18421->18155 14764 304000 14765 304037 14764->14765 14766 30401f wsprintfA 14764->14766 14767 304057 14765->14767 14768 30403d wsprintfA 14765->14768 14766->14767 14776 303b10 LoadStringW 14767->14776 14768->14767 14774 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14775 30413c 14774->14775 14777 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14776->14777 14778 303b48 lstrlenA 14777->14778 14779 302790 14778->14779 14780 3027b0 14779->14780 14781 303b10 6 API calls 14780->14781 14782 3027d7 14781->14782 14783 3027f7 14782->14783 14784 3027ea GetLastError 14782->14784 14787 302811 GetLastError 14783->14787 14788 30281e 14783->14788 14785 302b55 SetLastError 14784->14785 14786 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14785->14786 14789 302b6d 14786->14789 14794 302b3b 14787->14794 14790 30284c GetLastError 14788->14790 14791 302859 14788->14791 
14789->14774 14790->14794 14792 302b33 GetLastError 14791->14792 14796 307dc0 30 API calls 14791->14796 14797 3028c7 14791->14797 14792->14794 14793 30291f GetFileSizeEx 14793->14792 14795 302932 14793->14795 14794->14785 14798 302940 wsprintfW 14795->14798 14799 302961 14795->14799 14796->14797 14797->14792 14797->14793 14797->14799 14798->14799 14799->14792 14799->14794 14800 302a1f 14799->14800 14801 3029ed SetFilePointerEx 14799->14801 14803 302a42 GetLastError 14800->14803 14804 302a53 14800->14804 14801->14792 14802 302a0e SetEndOfFile 14801->14802 14802->14792 14802->14800 14803->14792 14803->14804 14805 302a6a GetProcessHeap RtlAllocateHeap 14804->14805 14806 302a60 InterlockedExchange 14804->14806 14805->14792 14809 302a89 14805->14809 14806->14805 14807 302aa7 WriteFile 14808 302ade GetLastError 14807->14808 14807->14809 14810 302ae6 14808->14810 14809->14807 14809->14808 14809->14810 14812 302acc InterlockedExchangeAdd 14809->14812 14811 302b1c GetProcessHeap RtlFreeHeap 14810->14811 14813 302af1 SetFilePointerEx 14810->14813 14811->14794 14812->14809 14814 302b14 GetLastError 14813->14814 14815 302b07 SetEndOfFile 14813->14815 14814->14811 14815->14811 14815->14814 17246 31bc71 17249 31bc97 17246->17249 17250 31bc93 17246->17250 17247 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 17248 31bcf9 17247->17248 17249->17250 17251 319d10 31 API calls 17249->17251 17250->17247 17251->17249 17252 312075 17253 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 17252->17253 17254 312087 17253->17254 17257 3135ef 17254->17257 17258 3135fd ___except_validate_context_record 17257->17258 17266 312d7c 17258->17266 17260 313603 17261 313642 17260->17261 17262 313668 17260->17262 17265 3120a0 17260->17265 17261->17265 17279 3139a4 17261->17279 17262->17265 17282 3130c2 17262->17282 17326 312d8a 17266->17326 17268 312d81 17268->17260 17338 31be36 17268->17338 17272 318420 17276 317b06 _abort 28 API calls 17272->17276 
17273 318402 IsProcessorFeaturePresent 17275 31840d 17273->17275 17274 3183f8 17274->17272 17274->17273 17277 314206 _abort 8 API calls 17275->17277 17278 31842a 17276->17278 17277->17272 17397 3139bc 17279->17397 17281 3139b7 17281->17265 17286 3130e2 FindHandler 17282->17286 17283 3131fd 17284 3182da CallUnexpected 38 API calls 17283->17284 17295 3133e6 17283->17295 17285 31344f 17284->17285 17286->17283 17289 313202 17286->17289 17291 312d7c __InternalCxxFrameHandler 48 API calls 17286->17291 17287 3133b8 17287->17283 17288 3133b6 17287->17288 17431 313450 17287->17431 17290 312d7c __InternalCxxFrameHandler 48 API calls 17288->17290 17289->17287 17292 31324e 17289->17292 17290->17283 17294 313140 17291->17294 17298 313363 ___DestructExceptionObject 17292->17298 17416 311e37 17292->17416 17294->17295 17297 312d7c __InternalCxxFrameHandler 48 API calls 17294->17297 17295->17265 17299 31314e 17297->17299 17298->17283 17298->17288 17301 313aa4 IsInExceptionSpec 38 API calls 17298->17301 17300 312d7c __InternalCxxFrameHandler 48 API calls 17299->17300 17304 313156 17300->17304 17302 3133b0 17301->17302 17302->17288 17303 31340b 17302->17303 17306 312d7c __InternalCxxFrameHandler 48 API calls 17303->17306 17304->17283 17305 312d7c __InternalCxxFrameHandler 48 API calls 17304->17305 17307 31319f 17305->17307 17308 313410 17306->17308 17307->17289 17310 312d7c __InternalCxxFrameHandler 48 API calls 17307->17310 17309 312d7c __InternalCxxFrameHandler 48 API calls 17308->17309 17312 313418 17309->17312 17313 3131a9 17310->17313 17311 313268 ___TypeMatch 17311->17298 17421 313042 17311->17421 17448 312022 RtlUnwind 17312->17448 17314 312d7c __InternalCxxFrameHandler 48 API calls 17313->17314 17317 3131b4 17314->17317 17411 313aa4 17317->17411 17318 31342f 17320 3139a4 __InternalCxxFrameHandler 48 API calls 17318->17320 17322 31343b FindHandler 17320->17322 17321 3131c0 17321->17289 17324 3131c6 ___DestructExceptionObject FindHandler type_info::operator== 17321->17324 17449 
313920 17322->17449 17324->17283 17325 311dca __CxxThrowException@8 RaiseException 17324->17325 17325->17303 17327 312d93 17326->17327 17328 312d96 GetLastError 17326->17328 17327->17268 17368 313dd0 17328->17368 17331 312e10 SetLastError 17331->17268 17332 313e0b ___vcrt_FlsSetValue 6 API calls 17333 312dc4 __InternalCxxFrameHandler 17332->17333 17334 312dec 17333->17334 17335 313e0b ___vcrt_FlsSetValue 6 API calls 17333->17335 17337 312dca 17333->17337 17336 313e0b ___vcrt_FlsSetValue 6 API calls 17334->17336 17334->17337 17335->17334 17336->17337 17337->17331 17373 31bda4 17338->17373 17341 31be91 17342 31be9d _abort 17341->17342 17343 3188b9 __dosmaperr 20 API calls 17342->17343 17346 31beca _abort 17342->17346 17349 31bec4 _abort 17342->17349 17343->17349 17344 31bf16 17345 314f0e _free 20 API calls 17344->17345 17347 31bf1b 17345->17347 17353 31bf42 17346->17353 17387 31ae61 EnterCriticalSection 17346->17387 17350 3143d0 __mbsinc 26 API calls 17347->17350 17348 3218a9 _abort 5 API calls 17351 31c098 17348->17351 17349->17344 17349->17346 17367 31bef9 17349->17367 17350->17367 17351->17274 17354 31bfa1 17353->17354 17356 31bf99 17353->17356 17364 31bfcc 17353->17364 17388 31aeb1 LeaveCriticalSection 17353->17388 17354->17364 17389 31be88 17354->17389 17359 317b06 _abort 28 API calls 17356->17359 17359->17354 17362 318835 _abort 38 API calls 17365 31c02f 17362->17365 17363 31be88 _abort 38 API calls 17363->17364 17392 31c051 17364->17392 17366 318835 _abort 38 API calls 17365->17366 17365->17367 17366->17367 17367->17348 17369 313ceb try_get_function 5 API calls 17368->17369 17370 313dea 17369->17370 17371 313e02 TlsGetValue 17370->17371 17372 312dab 17370->17372 17371->17372 17372->17331 17372->17332 17372->17337 17376 31bd4a 17373->17376 17375 3183ed 17375->17274 17375->17341 17377 31bd56 ___BuildCatchObject 17376->17377 17382 31ae61 EnterCriticalSection 17377->17382 17379 31bd64 17383 31bd98 17379->17383 17381 31bd8b __onexit 17381->17375 17382->17379 17386 
31aeb1 LeaveCriticalSection 17383->17386 17385 31bda2 17385->17381 17386->17385 17387->17353 17388->17356 17390 318835 _abort 38 API calls 17389->17390 17391 31be8d 17390->17391 17391->17363 17393 31c057 17392->17393 17394 31c020 17392->17394 17396 31aeb1 LeaveCriticalSection 17393->17396 17394->17362 17394->17365 17394->17367 17396->17394 17398 3139c8 ___BuildCatchObject FindHandler 17397->17398 17399 312d7c __InternalCxxFrameHandler 48 API calls 17398->17399 17405 3139e3 __CallSettingFrame@12 __FrameHandler3::FrameUnwindToState 17399->17405 17401 3182da CallUnexpected 38 API calls 17404 313aa3 17401->17404 17402 313a63 17402->17401 17403 313a68 __FrameHandler3::FrameUnwindToState 17402->17403 17403->17281 17405->17402 17406 313a8a 17405->17406 17407 312d7c __InternalCxxFrameHandler 48 API calls 17406->17407 17408 313a8f 17407->17408 17409 313a9a 17408->17409 17410 312d7c __InternalCxxFrameHandler 48 API calls 17408->17410 17409->17402 17410->17409 17412 313b38 17411->17412 17415 313ab8 ___TypeMatch 17411->17415 17413 3182da CallUnexpected 38 API calls 17412->17413 17414 313b3d 17413->17414 17415->17321 17417 311e5b 17416->17417 17418 311ea0 17417->17418 17419 3182da CallUnexpected 38 API calls 17417->17419 17418->17311 17420 311eb8 17419->17420 17422 313061 17421->17422 17423 313054 17421->17423 17465 312022 RtlUnwind 17422->17465 17461 312fa9 17423->17461 17426 313076 17427 3139bc __FrameHandler3::FrameUnwindToState 48 API calls 17426->17427 17428 313087 __FrameHandler3::FrameUnwindToState 17427->17428 17466 313752 17428->17466 17430 3130af FindHandler 17430->17311 17432 313462 17431->17432 17433 3134b4 17431->17433 17434 312d7c __InternalCxxFrameHandler 48 API calls 17432->17434 17433->17288 17435 313469 17434->17435 17436 313472 EncodePointer 17435->17436 17437 3134ad 17435->17437 17438 312d7c __InternalCxxFrameHandler 48 API calls 17436->17438 17437->17433 17439 31355b 17437->17439 17440 3134cc 17437->17440 17444 313481 17438->17444 17441 3182da 
CallUnexpected 38 API calls 17439->17441 17442 311e37 pair 38 API calls 17440->17442 17443 313560 17441->17443 17446 3134df 17442->17446 17444->17437 17445 311f17 _CallSETranslator 48 API calls 17444->17445 17445->17437 17446->17433 17447 313042 FindHandler 50 API calls 17446->17447 17447->17446 17448->17318 17450 31392c __EH_prolog3_catch 17449->17450 17451 312d7c __InternalCxxFrameHandler 48 API calls 17450->17451 17452 313931 17451->17452 17453 313954 17452->17453 17525 31403e 17452->17525 17455 3182da CallUnexpected 38 API calls 17453->17455 17456 313959 17455->17456 17462 312fb5 ___BuildCatchObject 17461->17462 17480 312e6a 17462->17480 17464 312fdd ___BuildCatchObject ___AdjustPointer BuildCatchObjectHelperInternal 17464->17422 17465->17426 17467 31375e ___BuildCatchObject 17466->17467 17487 3120a6 17467->17487 17470 312d7c __InternalCxxFrameHandler 48 API calls 17471 31378a 17470->17471 17472 312d7c __InternalCxxFrameHandler 48 API calls 17471->17472 17473 313795 17472->17473 17474 312d7c __InternalCxxFrameHandler 48 API calls 17473->17474 17475 3137a0 17474->17475 17476 312d7c __InternalCxxFrameHandler 48 API calls 17475->17476 17477 3137a8 _CallCatchBlock2 17476->17477 17492 31389a 17477->17492 17479 313882 17479->17430 17481 312e76 ___BuildCatchObject 17480->17481 17482 312ef1 ___AdjustPointer BuildCatchObjectHelperInternal 17481->17482 17483 3182da CallUnexpected 38 API calls 17481->17483 17482->17464 17484 312fa8 ___BuildCatchObject 17483->17484 17485 312e6a BuildCatchObjectHelperInternal 38 API calls 17484->17485 17486 312fdd ___BuildCatchObject ___AdjustPointer BuildCatchObjectHelperInternal 17485->17486 17486->17464 17488 312d7c __InternalCxxFrameHandler 48 API calls 17487->17488 17489 3120b7 17488->17489 17490 312d7c __InternalCxxFrameHandler 48 API calls 17489->17490 17491 3120c2 17490->17491 17491->17470 17501 3120ca 17492->17501 17494 3138ab 17495 312d7c __InternalCxxFrameHandler 48 API calls 17494->17495 17496 3138b1 17495->17496 17497 312d7c 
__InternalCxxFrameHandler 48 API calls 17496->17497 17499 3138bc 17497->17499 17498 3138fd ___DestructExceptionObject 17498->17479 17499->17498 17517 31293d 17499->17517 17502 312d7c __InternalCxxFrameHandler 48 API calls 17501->17502 17503 3120d3 17502->17503 17504 312d7c __InternalCxxFrameHandler 48 API calls 17503->17504 17505 3120db 17504->17505 17506 3182da CallUnexpected 38 API calls 17505->17506 17507 3120e3 17505->17507 17508 31210e 17506->17508 17507->17494 17509 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 17508->17509 17510 312123 17509->17510 17511 31212e 17510->17511 17512 3135ef __InternalCxxFrameHandler 51 API calls 17510->17512 17511->17494 17513 312166 17512->17513 17514 31217d 17513->17514 17520 312022 RtlUnwind 17513->17520 17521 311f17 17514->17521 17518 312d7c __InternalCxxFrameHandler 48 API calls 17517->17518 17519 312945 17518->17519 17519->17498 17520->17514 17522 311f27 17521->17522 17523 311f39 17521->17523 17522->17511 17524 312d7c __InternalCxxFrameHandler 48 API calls 17523->17524 17524->17522 17526 312d7c __InternalCxxFrameHandler 48 API calls 17525->17526 17527 314044 17526->17527 17528 3182da CallUnexpected 38 API calls 17527->17528 17529 31405a 17528->17529 14816 3021a0 14817 3021d5 ___scrt_fastfail 14816->14817 14818 3023c2 14817->14818 14819 302216 14817->14819 14820 3023c7 14818->14820 14826 302427 14818->14826 14822 302223 14819->14822 14823 302285 GetModuleHandleW GetProcAddress GetVersionExW 14819->14823 14851 302244 14819->14851 14824 3023fb InvalidateRect 14820->14824 14825 3023cf 14820->14825 14821 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14827 302459 14821->14827 14828 302228 14822->14828 14829 30224c KillTimer InterlockedExchange DefWindowProcW 14822->14829 14832 302396 SetTimer DefWindowProcW 14823->14832 14833 3022c7 14823->14833 14831 302408 DefWindowProcW 14824->14831 14830 3023d7 DefWindowProcW 14825->14830 14825->14831 14834 303b10 6 API calls 
14826->14834 14826->14851 14828->14831 14835 302231 14828->14835 14837 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14829->14837 14836 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14830->14836 14838 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14831->14838 14841 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14832->14841 14839 302342 14833->14839 14847 302311 14833->14847 14848 3022da 14833->14848 14840 30243b ShutdownBlockReasonCreate 14834->14840 14862 301fd0 14835->14862 14843 3023f5 14836->14843 14845 30227f 14837->14845 14846 302421 14838->14846 14839->14832 14844 302344 LoadLibraryW 14839->14844 14840->14851 14849 3023bc 14841->14849 14852 302390 14844->14852 14853 302355 GetProcAddress 14844->14853 14847->14844 14850 302316 SetTimer DefWindowProcW 14847->14850 14848->14844 14854 3022e6 SetTimer DefWindowProcW 14848->14854 14856 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14850->14856 14851->14821 14852->14832 14857 302389 FreeLibrary 14853->14857 14858 30236b 14853->14858 14859 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14854->14859 14860 30233c 14856->14860 14857->14852 14858->14857 14861 30230b 14859->14861 14863 30200c 14862->14863 14864 30211e 14862->14864 14868 31085a 5 API calls 14863->14868 14883 30201d 14863->14883 14885 31085a EnterCriticalSection 14864->14885 14866 302062 CreateSolidBrush 14872 302072 CreateSolidBrush 14866->14872 14867 302128 14867->14863 14870 302138 CreateSolidBrush 14867->14870 14871 302164 14868->14871 14869 30202a 14873 30202f CreateSolidBrush 14869->14873 14882 302041 14869->14882 14890 310810 EnterCriticalSection LeaveCriticalSection 14870->14890 14875 302174 CreateSolidBrush 14871->14875 14871->14883 14876 302082 BeginPaint 14872->14876 14873->14872 14878 310810 4 API calls 14875->14878 14879 302099 14876->14879 14880 3020ae FillRect FillRect 
EndPaint 14876->14880 14877 302050 CreateSolidBrush 14877->14872 14878->14883 14879->14880 14881 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14880->14881 14884 30211a 14881->14884 14882->14876 14882->14877 14883->14866 14883->14869 14884->14851 14886 31086e 14885->14886 14887 310873 LeaveCriticalSection 14886->14887 14894 3108ee 14886->14894 14887->14867 14891 3108ac 14890->14891 14892 3108b5 14891->14892 14893 3108da SetEvent ResetEvent 14891->14893 14892->14863 14893->14863 14895 310927 LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 14894->14895 14896 3108fb 14894->14896 14895->14896 14896->14886 19666 3103a9 19667 3103b3 19666->19667 19668 3078c6 ___delayLoadHelper2@8 17 API calls 19667->19668 19668->19667 17790 31a093 17792 31a026 __dosmaperr 17790->17792 17791 31a04d 17792->17791 17793 31a04f 17792->17793 17794 317cc3 __dosmaperr 7 API calls 17792->17794 17796 31a03a RtlAllocateHeap 17792->17796 17795 314f0e _free 20 API calls 17793->17795 17794->17792 17795->17791 17796->17792 14897 302b80 14900 302df0 14897->14900 14898 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 14899 30314b 14898->14899 14901 303151 14900->14901 14906 302e74 BuildCatchObjectHelperInternal 14900->14906 14919 303124 14900->14919 14928 303bd0 14901->14928 14903 303156 14904 303bd0 28 API calls 14903->14904 14905 30315b 14904->14905 14933 3143e0 14905->14933 14906->14903 14913 302f0d 14906->14913 14913->14905 14922 303e30 14913->14922 14919->14898 14924 303e90 14922->14924 14923 303bd0 28 API calls 14925 303fb8 14923->14925 14924->14923 14926 3143e0 26 API calls 14925->14926 14927 303fbd 14926->14927 14938 31032d 14928->14938 14934 314355 __mbsinc 26 API calls 14933->14934 14935 3143ef 14934->14935 14936 3143fd __mbsinc 11 API calls 14935->14936 14937 3143fc 14936->14937 14943 31027b 14938->14943 14941 311dca __CxxThrowException@8 RaiseException 14942 31034c 14941->14942 14946 310223 14943->14946 14947 312806 
___std_exception_copy 27 API calls 14946->14947 14948 31024f 14947->14948 14948->14941 17036 310388 17037 310398 17036->17037 17038 3078c6 ___delayLoadHelper2@8 17 API calls 17037->17038 17039 3103a5 17038->17039 14949 3104f2 14950 3104fe ___BuildCatchObject 14949->14950 14979 310af7 14950->14979 14952 310505 14953 310658 14952->14953 14957 31052f 14952->14957 15392 310e8f IsProcessorFeaturePresent 14953->15392 14955 31065f 15396 317b54 14955->15396 14965 31056e ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 14957->14965 15367 317879 14957->15367 14963 31054e 14970 3105cf 14965->14970 15375 317b1c 14965->15375 14967 3105d5 14994 3052d0 InterlockedExchange 14967->14994 14990 310fa9 14970->14990 14974 3105f5 14975 3105fe 14974->14975 15383 317af7 14974->15383 15386 310c86 14975->15386 14980 310b00 14979->14980 15402 3112cd IsProcessorFeaturePresent 14980->15402 14984 310b11 14989 310b15 14984->14989 15413 318257 14984->15413 14987 310b2c 14987->14952 14989->14952 15549 311c70 14990->15549 14993 310fcf 14993->14967 15551 303380 14994->15551 14997 307dc0 30 API calls 14998 3054ab 14997->14998 14999 3054b6 GetCurrentProcess 14998->14999 15000 305557 14998->15000 15572 307c50 OpenProcessToken 14999->15572 15595 307e60 GetModuleHandleW GetProcAddress 15000->15595 15004 305563 15005 3055a7 15004->15005 15006 305567 InterlockedExchange InterlockedExchange 15004->15006 15009 303b10 6 API calls 15005->15009 15008 305595 15006->15008 15018 305503 15006->15018 15011 303b50 9 API calls 15008->15011 15012 3055b1 CreateMutexW 15009->15012 15011->15018 15015 3055c9 GetLastError 15012->15015 15016 30561b 15012->15016 15013 3043c0 5 API calls 15017 3073a8 15013->15017 15015->15016 15020 3055d6 InterlockedExchange 15015->15020 15609 30ccf0 15016->15609 15021 304420 59 API calls 15017->15021 15018->15013 15022 303b10 6 API calls 15020->15022 15023 3073b4 15021->15023 15024 3055f2 15022->15024 15025 3073c2 CloseHandle 15023->15025 15026 3073c9 15023->15026 15716 
3011b0 FindWindowW 15024->15716 15025->15026 15029 3073d3 CloseHandle 15026->15029 15030 3073da 15026->15030 15029->15030 15035 3073e4 CloseHandle 15030->15035 15036 3073eb 15030->15036 15035->15036 15037 307dc0 30 API calls 15036->15037 15063 3073f0 ___scrt_fastfail 15037->15063 15044 303b10 6 API calls 15047 30560d 15044->15047 15046 3074ed 15051 307505 15046->15051 15052 3074f7 ReleaseMutex CloseHandle 15046->15052 15049 3011b0 2 API calls 15047->15049 15053 305613 15049->15053 15062 302d30 26 API calls 15051->15062 15052->15051 15053->15018 15067 307534 15062->15067 15063->15046 15804 303fe0 15063->15804 15070 302d30 26 API calls 15067->15070 15074 30753f 15070->15074 15077 302d30 26 API calls 15074->15077 15079 30754a 15077->15079 15084 302d30 26 API calls 15079->15084 15088 307555 15084->15088 15093 302d30 26 API calls 15088->15093 15089 307480 _wcsrchr 15101 303fe0 26 API calls 15089->15101 15094 307560 15093->15094 15097 302d30 26 API calls 15094->15097 15100 30756b 15097->15100 15104 302d30 26 API calls 15100->15104 15105 307492 _wcsrchr 15101->15105 15108 307576 15104->15108 15808 3047e0 15105->15808 15111 302d30 26 API calls 15108->15111 15114 307581 15111->15114 15119 302d30 26 API calls 15114->15119 15123 30758c 15119->15123 15127 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 15123->15127 15124 3047e0 26 API calls 15128 3074bd 15124->15128 15132 3075a6 15127->15132 15133 303fe0 26 API calls 15128->15133 15381 310fdf GetModuleHandleW 15132->15381 15135 3074c7 CreateHardLinkW 15133->15135 15135->15046 15137 3074d9 15135->15137 15138 303fe0 26 API calls 15137->15138 15140 3074e6 CopyFileW 15138->15140 15140->15046 15370 317890 15367->15370 15368 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 15369 310548 15368->15369 15369->14963 15371 31781d 15369->15371 15370->15368 15374 31784c 15371->15374 15372 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 15373 317875 15372->15373 
15373->14965 15374->15372 15376 317b44 _abort __onexit 15375->15376 15376->14970 15377 318835 _abort 38 API calls 15376->15377 15380 3182eb 15377->15380 15378 3183e8 _abort 38 API calls 15379 318315 15378->15379 15380->15378 15382 3105f1 15381->15382 15382->14955 15382->14974 16948 3178d1 15383->16948 15387 310c92 15386->15387 15388 310606 15387->15388 17026 318269 15387->17026 15388->14963 15391 312b34 ___vcrt_uninitialize 8 API calls 15391->15388 15393 310ea4 ___scrt_fastfail 15392->15393 15394 310f4f IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15393->15394 15395 310f9a ___scrt_fastfail 15394->15395 15395->14955 15397 3178d1 _abort 28 API calls 15396->15397 15398 310665 15397->15398 15399 317b06 15398->15399 15400 3178d1 _abort 28 API calls 15399->15400 15401 31066d 15400->15401 15403 310b0c 15402->15403 15404 312b0b 15403->15404 15405 312b10 ___vcrt_initialize_winapi_thunks 15404->15405 15424 313bbc 15405->15424 15408 312b1e 15408->14984 15410 312b26 15411 312b31 15410->15411 15438 313bf8 15410->15438 15411->14984 15479 31bc7a 15413->15479 15416 312b34 15417 312b3d 15416->15417 15423 312b4e 15416->15423 15418 312e4f ___vcrt_uninitialize_ptd 6 API calls 15417->15418 15419 312b42 15418->15419 15420 313bf8 ___vcrt_uninitialize_locks DeleteCriticalSection 15419->15420 15421 312b47 15420->15421 15545 313eb9 15421->15545 15423->14989 15425 313bc5 15424->15425 15427 313bee 15425->15427 15428 312b1a 15425->15428 15442 313e49 15425->15442 15429 313bf8 ___vcrt_uninitialize_locks DeleteCriticalSection 15427->15429 15428->15408 15430 312e1c 15428->15430 15429->15428 15460 313d5a 15430->15460 15433 312e31 15433->15410 15436 312e4c 15436->15410 15439 313c22 15438->15439 15440 313c03 15438->15440 15439->15408 15441 313c0d DeleteCriticalSection 15440->15441 15441->15439 15441->15441 15447 313ceb 15442->15447 15444 313e63 15445 313e81 InitializeCriticalSectionAndSpinCount 15444->15445 15446 313e6c 15444->15446 15445->15446 15446->15425 15448 313d13 
15447->15448 15452 313d0f __crt_fast_encode_pointer 15447->15452 15448->15452 15453 313c27 15448->15453 15451 313d2d GetProcAddress 15451->15452 15452->15444 15458 313c36 15453->15458 15454 313ce0 15454->15451 15454->15452 15455 313c53 LoadLibraryExW 15456 313c6e GetLastError 15455->15456 15455->15458 15456->15458 15457 313cc9 FreeLibrary 15457->15458 15458->15454 15458->15455 15458->15457 15459 313ca1 LoadLibraryExW 15458->15459 15459->15458 15461 313ceb try_get_function 5 API calls 15460->15461 15462 313d74 15461->15462 15463 313d8d TlsAlloc 15462->15463 15464 312e26 15462->15464 15464->15433 15465 313e0b 15464->15465 15466 313ceb try_get_function 5 API calls 15465->15466 15467 313e25 15466->15467 15468 313e40 TlsSetValue 15467->15468 15469 312e3f 15467->15469 15468->15469 15469->15436 15470 312e4f 15469->15470 15471 312e5f 15470->15471 15472 312e59 15470->15472 15471->15433 15474 313d95 15472->15474 15475 313ceb try_get_function 5 API calls 15474->15475 15476 313daf 15475->15476 15477 313dc7 TlsFree 15476->15477 15478 313dbb 15476->15478 15477->15478 15478->15471 15480 31bc97 15479->15480 15483 31bc93 15479->15483 15480->15483 15485 319d10 15480->15485 15481 31094e __ehhandler$?_Swap@?$_Func_class@X$$V@std@@IAEXAAV12@@Z 5 API calls 15482 310b1e 15481->15482 15482->14987 15482->15416 15483->15481 15486 319d1c ___BuildCatchObject 15485->15486 15497 31ae61 EnterCriticalSection 15486->15497 15488 319d23 15498 31b415 15488->15498 15490 319d32 15491 319d41 15490->15491 15511 319b99 GetStartupInfoW 15490->15511 15522 319d5d 15491->15522 15495 319d52 __onexit 15495->15480 15497->15488 15499 31b421 ___BuildCatchObject 15498->15499 15500 31b445 15499->15500 15501 31b42e 15499->15501 15525 31ae61 EnterCriticalSection 15500->15525 15502 314f0e _free 20 API calls 15501->15502 15504 31b433 15502->15504 15505 3143d0 __mbsinc 26 API calls 15504->15505 15506 31b43d __onexit 15505->15506 15506->15490 15507 31b47d 15533 31b4a4 15507->15533 15510 31b451 15510->15507 15526 31b366 
APIs
• InterlockedExchange.KERNEL32(?,00000103), ref: 0030546F
  • Part of subcall function 00307DC0: GetVersionExW.KERNEL32(?), ref: 00307DE4
• GetCurrentProcess.KERNEL32 ref: 003054B6
  • Part of subcall function 00307C50: OpenProcessToken.ADVAPI32(003054C2,00000008,?,34FDA007,?,00000000), ref: 00307C8C
  • Part of subcall function 00307C50: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00321E50), ref: 00307CB9
  • Part of subcall function 00307C50: GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00307CF5
  • Part of subcall function 00307C50: IsValidSid.ADVAPI32 ref: 00307D02
  • Part of subcall function 00307C50: GetSidSubAuthorityCount.ADVAPI32 ref: 00307D11
  • Part of subcall function 00307C50: GetSidSubAuthority.ADVAPI32(?,?), ref: 00307D1D
  • Part of subcall function 00307C50: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00307D2F
• InterlockedExchange.KERNEL32(?,0000052F), ref: 003054DC
• InterlockedExchange.KERNEL32(?,00000000), ref: 003054EA
• InterlockedExchange.KERNEL32(?,000000C1), ref: 00305573
• InterlockedExchange.KERNEL32(?,00000000), ref: 00305582
                                                                                                                                                                                                                                                                  • CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 003055B9
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 003055C9
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,00000420), ref: 003055E2
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003073C3
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003073D4
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003073E5
                                                                                                                                                                                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 00307481
                                                                                                                                                                                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 00307493
                                                                                                                                                                                                                                                                  • CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 003074CF
                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,?,00000000), ref: 003074E7
                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?), ref: 003074F8
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003074FF
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003075F7
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B50: #17.COMCTL32 ref: 00303B64
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B50: LoadStringW.USER32(00300000,000003E9,?,00000000), ref: 00303B81
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B50: LoadStringW.USER32(00300000,?,?,00000000), ref: 00303B9A
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B50: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00303BAF
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExchangeInterlocked$Close$Handle$LoadToken$AuthorityCreateInformationMutexProcessString_wcsrchr$ChangeCopyCountCurrentErrorFileFindHardHelper2@8LastLinkMessageNotificationOpenReleaseValidVersion___delay
                                                                                                                                                                                                                                                                  • String ID: $ /cookie:$ /edat_dir:$ /ga_clientid:$ /sub_edition:$%s\%s$/cookie$/cust_ini$/ppi_icd$/silent$/smbupd$AuthorizationType$Avast One$D$Enabled$Password$Port$Properties$ProxySettings$ProxyType$User$User-Agent: avast! Antivirus (instup)$X>2$allow_fallback$avcfg://settings/Common/VersionSwitch$count$enable$http://$https://$installer.exe$mirror$server0$servers$stable$urlpgm${versionSwitch}
                                                                                                                                                                                                                                                                  • API String ID: 1293912049-1685258233
                                                                                                                                                                                                                                                                  • Opcode ID: 4b310953d8848ef50d88a88f3080413c3b10bb1779ade7db42313228bb418d51
                                                                                                                                                                                                                                                                  • Instruction ID: 0c772332ef8594f4fb37ff2b877fee0402051a9f9f7a55c7119b18d0546f1c48
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b310953d8848ef50d88a88f3080413c3b10bb1779ade7db42313228bb418d51
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83137C71E022289BEB26DB64CC65BEEB3B8AF45304F0045D9E509A7182EB746FC5CF51
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$FileSizewsprintf
                                                                                                                                                                                                                                                                  • String ID: %hs%d-$AMD64$Range: bytes=
                                                                                                                                                                                                                                                                  • API String ID: 297799064-1968478037
                                                                                                                                                                                                                                                                  • Opcode ID: 8a4643e8fae1a48fc5007763690a9d96cc5f63ebb8eca1af5bb10c8c41f326fb
                                                                                                                                                                                                                                                                  • Instruction ID: 11f0ee433ebc95f21454a2343d95cbab90ce3a6ba6976a6bdb7a22e3d8473b96
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a4643e8fae1a48fc5007763690a9d96cc5f63ebb8eca1af5bb10c8c41f326fb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DC12A70A01304AFEB329FA5DC59FABBBBCAF04711F148529F906E61D0DB75D9468B20
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • KillTimer.USER32(?,00000001), ref: 0030224F
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(04BAEBCC,00000000), ref: 00302260
                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 0030226C
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate), ref: 00302296
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0030229D
                                                                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 003022B9
                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,00000019,?), ref: 003022EC
                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 003022F8
                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,00000019,00000000), ref: 0030231D
                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 00302329
                                                                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(dwmapi.dll), ref: 00302349
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DwmSetWindowAttribute), ref: 0030235B
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 0030238A
                                                                                                                                                                                                                                                                  • SetTimer.USER32(?,00000001,00000019,00000000), ref: 0030239D
                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 003023A9
                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000010,?,?), ref: 003023E2
                                                                                                                                                                                                                                                                  • InvalidateRect.USER32(?,?,00000000), ref: 00302402
                                                                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 0030240E
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B10: LoadStringW.USER32(00300000,00000000,00000000,00000000), ref: 00303B35
                                                                                                                                                                                                                                                                  • ShutdownBlockReasonCreate.USER32 ref: 00302448
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Proc$Window$Timer$AddressLibraryLoad$BlockCreateExchangeFreeHandleInterlockedInvalidateKillModuleReasonRectShutdownStringVersion
                                                                                                                                                                                                                                                                  • String ID: DwmSetWindowAttribute$ShutdownBlockReasonCreate$dwmapi.dll$user32.dll
                                                                                                                                                                                                                                                                  • API String ID: 2338125532-2496381605
                                                                                                                                                                                                                                                                  • Opcode ID: 49ebc02cc14133d627227797b759038ace3f91bd9d1bb08183eb7ef5813bdc6d
                                                                                                                                                                                                                                                                  • Instruction ID: bafbc85b3a9038cb01eaa01104e413b7477dfeb5f84e804223b9f8feb83ea685
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49ebc02cc14133d627227797b759038ace3f91bd9d1bb08183eb7ef5813bdc6d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9710632701208ABDB229F64EC99BFFB76CFB09711F00045DFA05961E1CB759A91CBA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetVersion.KERNEL32(34FDA007,00000000,00000000), ref: 0030B96D
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemFirmwareTable), ref: 0030B9A0
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0030B9A7
                                                                                                                                                                                                                                                                  • GetSystemFirmwareTable.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0030B9C6
                                                                                                                                                                                                                                                                  • GetSystemFirmwareTable.KERNELBASE ref: 0030BA59
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(ntdll.dll,NtOpenSection), ref: 0030BABB
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0030BAC2
                                                                                                                                                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,000F0000,00010000), ref: 0030BB28
                                                                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0030BBD1
                                                                                                                                                                                                                                                                  • MapViewOfFile.KERNEL32(00000000,00000004,00000000,?,?), ref: 0030BBFA
                                                                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0030BC6A
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0030BCD0
                                                                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000000), ref: 0030C206
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileView$HandleUnmap$AddressFirmwareModuleProcSystemTable$CloseVersion
                                                                                                                                                                                                                                                                  • String ID: ,$@$GetSystemFirmwareTable$NtOpenSection$W$_DMI$_SM_$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                                                                  • API String ID: 26960555-752303837
                                                                                                                                                                                                                                                                  • Opcode ID: 68f49925b7ff547464ab216ee45d464ba609b717631847cf7976623f086ccbc6
                                                                                                                                                                                                                                                                  • Instruction ID: e257b9da1604d3a997bca5671dca489fa4906ae77ca7f9055e9117bceac7fa1f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68f49925b7ff547464ab216ee45d464ba609b717631847cf7976623f086ccbc6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5552AE71E012599FDB16CFA8CC61AAEFBB9FF48310F184119E945AB381D734AD42CB94
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindResourceW.KERNEL32(00000000,?,PNG,?,?,?), ref: 00301956
                                                                                                                                                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000,?,?,?), ref: 00301964
                                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000,?,?,?), ref: 0030196F
                                                                                                                                                                                                                                                                  • LockResource.KERNEL32(00000000,?,?,?), ref: 0030197A
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNELBASE(00000002,?,?,?,?), ref: 0030198B
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000,?,?,?), ref: 00301998
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000,?,?,?), ref: 003019B0
                                                                                                                                                                                                                                                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?), ref: 003019BD
                                                                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 003019CB
                                                                                                                                                                                                                                                                  • CoInitializeEx.OLE32(00000000,00000000,?,?,?), ref: 003019E6
                                                                                                                                                                                                                                                                  • CoCreateInstance.OLE32(00323EF4,00000000,00000001,0032365C,?,?,?,?), ref: 00301A06
                                                                                                                                                                                                                                                                  • GetDC.USER32(00000000), ref: 00301B3B
                                                                                                                                                                                                                                                                  • CreateDIBSection.GDI32(00000000,00000028,00000000,00000000,00000000,00000000), ref: 00301B52
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 00301B5E
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00301B98
                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Global$Resource$Create$Lock$AllocDeleteFindFreeInitializeInstanceLoadObjectReleaseSectionSizeofStreamUnlock
                                                                                                                                                                                                                                                                  • String ID: ($PNG
                                                                                                                                                                                                                                                                  • API String ID: 3552602207-4064097209
                                                                                                                                                                                                                                                                  • Opcode ID: 9b1f25baf16138763bb93f592710dd4f838f61e37bf672a14d69bfbfe1941d7e
                                                                                                                                                                                                                                                                  • Instruction ID: 5cce36c319df26a46b724ff8b8a8cf7972b128176800b3666322b26d807dbf43
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b1f25baf16138763bb93f592710dd4f838f61e37bf672a14d69bfbfe1941d7e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC916071A01219EFDB16DFA5DC94BAEBBB8FF48700F044159E905A7290DB74AE42CB90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 003041B4
                                                                                                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003041CD
                                                                                                                                                                                                                                                                  • GetVersionExA.KERNEL32(0000009C,?,?,00989680,00000000), ref: 003041F7
                                                                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNELBASE(?), ref: 0030420E
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 003042BC
                                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 003042DF
                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: SystemTimewsprintf$FileInfoNativeUnothrow_t@std@@@Version__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                  • String ID: status=%08lxstatus_microstub=%08lx%08lx$AMD64$POST$cookie=%lsedition=%ldevent=%smidex=%lsstat_session=%lsstatsSendTime=%I64dos=win,%d,%d,%d,%d,%d,%s%sexe_version=%lsSfxVersion=%ls$microstub$srv$x:2$82$:2
                                                                                                                                                                                                                                                                  • API String ID: 408124556-2523190746
                                                                                                                                                                                                                                                                  • Opcode ID: 7b2012631dd82665a22b1fab3a98e594e66247da63834d31fb0563bd603c42eb
                                                                                                                                                                                                                                                                  • Instruction ID: 6b5cbaaf2d4072a2ba7f0e21f8210bf8c7b1883d477b0d5b0f49820db17cab7c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b2012631dd82665a22b1fab3a98e594e66247da63834d31fb0563bd603c42eb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53515EB1A012289FDF22CF64DC44B9EBBB9FF48305F0081E9EA0DA6151DB758A94DF54
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateFileMappingW.KERNELBASE(?,00000000,01000002,00000000,00000000,00000000,?), ref: 003038C7
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 003038D3
                                                                                                                                                                                                                                                                  • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?), ref: 003038EA
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 003038F6
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0030396F
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00303977
                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$File$CloseCreateHandleMappingView
                                                                                                                                                                                                                                                                  • String ID: %d.%d.%d.%d
                                                                                                                                                                                                                                                                  • API String ID: 1867540158-3491811756
                                                                                                                                                                                                                                                                  • Opcode ID: 16cf9552ed8d13547808a03a97c437b01d631749b617aad8307b7ca89c1fa36d
                                                                                                                                                                                                                                                                  • Instruction ID: d1c6288f4adbdf4d86b9d4ef15a8fa1bc80cbe3a8fa978adb1e241e4a5c2b8b3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16cf9552ed8d13547808a03a97c437b01d631749b617aad8307b7ca89c1fa36d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA21B471A01214BBD7326B659C59FBB7B6CEF08B61F10405CF906D6281DBB99A42C770
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetVersion.KERNEL32 ref: 00309F20
                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000000,00000003,00000000,00000003,00000000,00000000), ref: 00309F49
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00309F59
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0030A208
                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseCreateErrorFileHandleLastVersion
                                                                                                                                                                                                                                                                  • String ID: $V0$SCSIDISK$\\.\PhysicalDrive%u$\\.\Scsi%u:
                                                                                                                                                                                                                                                                  • API String ID: 1515857667-807252229
                                                                                                                                                                                                                                                                  • Opcode ID: b8f897e1c53b4f0661f6e1be0cd27a4c638790158246f8bc918125ba1bbbf473
                                                                                                                                                                                                                                                                  • Instruction ID: 6aff9e0583c1321981d70324bd75e642e848797feef83368268dbbe9d7f4a5bd
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8f897e1c53b4f0661f6e1be0cd27a4c638790158246f8bc918125ba1bbbf473
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04C1A070A02718DFDB16DFA4D8A1BADB7B9FF48310F148559E802AB391DB35AD01CB91
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 1326 30c2a0-30c2e1 call 30b520 1329 30c2e7-30c30e call 30b520 1326->1329 1330 30c62c-30c631 call 309b40 1326->1330 1332 30c636-30c63b call 309b40 1329->1332 1342 30c314-30c338 call 30b520 1329->1342 1330->1332 1335 30c640-30c645 call 309b40 1332->1335 1339 30c64a-30c654 call 309b40 1335->1339 1342->1335 1348 30c33e-30c385 1342->1348 1351 30c397-30c3a5 GetSystemDirectoryW 1348->1351 1352 30c387-30c394 call 30c6c0 1348->1352 1354 30c3b4-30c3b6 1351->1354 1355 30c3a7-30c3b2 GetLastError 1351->1355 1352->1351 1357 30c3b9-30c3cc call 3154ee 1354->1357 1355->1357 1357->1339 1360 30c3d2-30c3d8 1357->1360 1360->1339 1361 30c3de-30c3e9 1360->1361 1362 30c59d-30c5ad 1361->1362 1363 30c3ef-30c402 1361->1363 1366 30c5c6-30c5d3 1362->1366 1367 30c5af-30c5c3 1362->1367 1364 30c404-30c414 call 30c6c0 1363->1364 1365 30c417-30c426 GetVolumePathNameW 1363->1365 1364->1365 1371 30c433-30c441 call 3154ee 1365->1371 1372 30c428-30c430 GetLastError 1365->1372 1368 30c5d5-30c5e5 1366->1368 1369 30c5e9-30c5f7 1366->1369 1367->1366 1368->1369 1374 30c5f9-30c609 1369->1374 1375 30c60d-30c62b call 31094e 1369->1375 1371->1339 1383 30c447-30c44a 1371->1383 1372->1371 1374->1375 1383->1339 1385 30c450-30c45b 1383->1385 1385->1362 1386 30c461-30c473 1385->1386 1387 30c485-30c494 GetVolumeNameForVolumeMountPointW 1386->1387 1388 30c475-30c482 call 30c6c0 1386->1388 1389 30c4a1-30c4af call 3154ee 1387->1389 1390 30c496-30c49e GetLastError 1387->1390 1388->1387 1389->1339 1395 30c4b5-30c4b8 1389->1395 1390->1389 1395->1339 1396 30c4be-30c4c9 1395->1396 1396->1362 1397 30c4cf-30c4d7 1396->1397 1398 30c4d9-30c4db 1397->1398 1399 30c53e-30c556 CreateFileW 1397->1399 1402 30c4e0-30c4e4 1398->1402 1400 30c563-30c581 
DeviceIoControl 1399->1400 1401 30c558-30c561 GetLastError 1399->1401 1403 30c583-30c58c GetLastError 1400->1403 1404 30c58e-30c594 1400->1404 1401->1362 1405 30c4f1 1402->1405 1406 30c4e6-30c4ef 1402->1406 1407 30c596-30c597 CloseHandle 1403->1407 1404->1407 1408 30c4f3-30c4ff 1405->1408 1406->1408 1407->1362 1408->1402 1409 30c501-30c503 1408->1409 1409->1399 1410 30c505-30c509 1409->1410 1410->1339 1411 30c50f-30c51e 1410->1411 1412 30c520-30c529 call 30c6c0 1411->1412 1413 30c52c-30c52f 1411->1413 1412->1413 1413->1339 1415 30c535-30c53a 1413->1415 1415->1399
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 0030B520: GetProcessHeap.KERNEL32($V0), ref: 0030B57C
                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0030C39D
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,003222D8), ref: 0030C3A7
                                                                                                                                                                                                                                                                  • GetVolumePathNameW.KERNELBASE(?,00000010,00000104,?,?,?,?,?,003222D8), ref: 0030C41E
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,003222D8), ref: 0030C428
                                                                                                                                                                                                                                                                  • GetVolumeNameForVolumeMountPointW.KERNELBASE(00000010,00000010,00000104,?,?,?,?,?,?,?,003222D8), ref: 0030C48C
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,003222D8), ref: 0030C496
                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000010,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0030C54B
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,003222D8), ref: 0030C558
                                                                                                                                                                                                                                                                  • DeviceIoControl.KERNELBASE(00000000,002D1080,00000000,00000000,?,0000000C,00000000,00000000), ref: 0030C579
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,003222D8), ref: 0030C583
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,003222D8), ref: 0030C597
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$Volume$Name$CloseControlCreateDeviceDirectoryFileHandleHeapMountPathPointProcessSystem
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 204137380-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4e643a22fedd263a8e0c20f66cb13024128c1bb12f572333dd580cf65ae5f143
                                                                                                                                                                                                                                                                  • Instruction ID: 00a4d5835246ec6d36b25cbee403da18b8e32851e75bf9ff1cc327cc9d09c88a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e643a22fedd263a8e0c20f66cb13024128c1bb12f572333dd580cf65ae5f143
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAB1BD35A016059FDB22DFA9CCA5BADB7B4EF48310F14522DE902AB3D1DB75AD01CB50
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 1417 308b60-308beb call 311c70 call 307dc0 1422 308bfc-308c15 CryptAcquireContextA 1417->1422 1423 308bed-308bf6 lstrcatA 1417->1423 1424 308c47-308c74 GetLastError call 307b80 call 311dca 1422->1424 1425 308c17-308c20 1422->1425 1423->1422 1434 308c76-308c79 CryptReleaseContext 1424->1434 1435 308c7f 1424->1435 1426 308c22-308c25 CryptReleaseContext 1425->1426 1427 308c2b-308c46 call 31094e 1425->1427 1426->1427 1434->1435
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00307DC0: GetVersionExW.KERNEL32(?), ref: 00307DE4
                                                                                                                                                                                                                                                                  • lstrcatA.KERNEL32(?, (Prototype),?,34FDA007,?), ref: 00308BF6
                                                                                                                                                                                                                                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,34FDA007,?), ref: 00308C0D
                                                                                                                                                                                                                                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000,?,34FDA007,?), ref: 00308C25
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,34FDA007,?), ref: 00308C4C
                                                                                                                                                                                                                                                                    • Part of subcall function 00307B80: ___std_exception_copy.LIBVCRUNTIME ref: 00307BB8
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00308C6A
                                                                                                                                                                                                                                                                    • Part of subcall function 00311DCA: RaiseException.KERNEL32(?,?,Q~0,?,?,?,?,?,?,?,?,00307E51,?,0032B0F4,00000000), ref: 00311E2A
                                                                                                                                                                                                                                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000,?,0032B0F4,00000000,?,34FDA007,?), ref: 00308C79
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ContextCrypt$Release$AcquireErrorExceptionException@8LastRaiseThrowVersion___std_exception_copylstrcat
                                                                                                                                                                                                                                                                  • String ID: (Prototype)$Unable to acquire cryptographic provider!$vider
                                                                                                                                                                                                                                                                  • API String ID: 2041426586-155044149
                                                                                                                                                                                                                                                                  • Opcode ID: 295a345beef7da7d11215de5403f3c11238de703170910f54ae18def69faeaa9
                                                                                                                                                                                                                                                                  • Instruction ID: 23b6cb31fc15ebc6abdd600ff34adc8b5ba5684b4cabaf79d8654459722b5ffe
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 295a345beef7da7d11215de5403f3c11238de703170910f54ae18def69faeaa9
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56317E71E00218ABDB22DFA4DD55BEEB7BCFB08700F10861EF945A7291EB706685CB54
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00308118,0000800C,34FDA007,?), ref: 00309210
                                                                                                                                                                                                                                                                  • CryptDestroyHash.ADVAPI32(?,00000000), ref: 00309229
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to create hash context!), ref: 00309244
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0030925C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Unable to create hash context!, xrefs: 0030923F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CryptHash$CreateDestroyErrorException@8LastThrow
                                                                                                                                                                                                                                                                  • String ID: Unable to create hash context!
                                                                                                                                                                                                                                                                  • API String ID: 1323042765-1944974401
                                                                                                                                                                                                                                                                  • Opcode ID: a8fce8ae8f90afd630d6d56bc66c8b837b0de01b20db6bef7e9fd47423a2bcea
                                                                                                                                                                                                                                                                  • Instruction ID: 815de2e191a4495b8328127a539fd96e2e790ce7b9065227886f0eefd8fb7488
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8fce8ae8f90afd630d6d56bc66c8b837b0de01b20db6bef7e9fd47423a2bcea
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC016271A01208BBD726EFA0DD15FEE7BBCEF08710F00445DE94297191DA30A9458654
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptGenRandom.ADVAPI32(00000008,00308FA9,34FDA007,?,00308FA9,0000800C,?,?,0032B0F4,00000000,?,?,?,?,00321FF9,000000FF), ref: 00309048
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to generate random number!,?,00308FA9,0000800C,?,?,0032B0F4,00000000,?,?,?,?,00321FF9,000000FF), ref: 003090C0
                                                                                                                                                                                                                                                                    • Part of subcall function 00307B80: ___std_exception_copy.LIBVCRUNTIME ref: 00307BB8
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 003090D8
                                                                                                                                                                                                                                                                    • Part of subcall function 00311DCA: RaiseException.KERNEL32(?,?,Q~0,?,?,?,?,?,?,?,?,00307E51,?,0032B0F4,00000000), ref: 00311E2A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Unable to generate random number!, xrefs: 003090BB
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CryptErrorExceptionException@8LastRaiseRandomThrow___std_exception_copy
                                                                                                                                                                                                                                                                  • String ID: Unable to generate random number!
                                                                                                                                                                                                                                                                  • API String ID: 4207938790-1854326980
                                                                                                                                                                                                                                                                  • Opcode ID: 4026123be3fd5e824fcf55a219e666e558f4dab4741ae3d467269e01f9e41f10
                                                                                                                                                                                                                                                                  • Instruction ID: 99c44d4eade59d499610165d5676b7063d6c260ec6df076bfce8d5990350f8b5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4026123be3fd5e824fcf55a219e666e558f4dab4741ae3d467269e01f9e41f10
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66219575A00248DFC726EFA4EC52FEEB778FB08710F10421AF9155B6D1DB306585CA91
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 0030B520: GetProcessHeap.KERNEL32($V0), ref: 0030B57C
                                                                                                                                                                                                                                                                    • Part of subcall function 00308B60: lstrcatA.KERNEL32(?, (Prototype),?,34FDA007,?), ref: 00308BF6
                                                                                                                                                                                                                                                                    • Part of subcall function 00308B60: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,34FDA007,?), ref: 00308C0D
                                                                                                                                                                                                                                                                    • Part of subcall function 00308B60: CryptReleaseContext.ADVAPI32(00000000,00000000,?,34FDA007,?), ref: 00308C25
                                                                                                                                                                                                                                                                    • Part of subcall function 003091F0: CryptCreateHash.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00308118,0000800C,34FDA007,?), ref: 00309210
                                                                                                                                                                                                                                                                    • Part of subcall function 003091F0: CryptDestroyHash.ADVAPI32(?,00000000), ref: 00309229
                                                                                                                                                                                                                                                                    • Part of subcall function 00308B60: GetLastError.KERNEL32(Unable to acquire cryptographic provider!,?,34FDA007,?), ref: 00308C4C
                                                                                                                                                                                                                                                                    • Part of subcall function 00308B60: __CxxThrowException@8.LIBVCRUNTIME ref: 00308C6A
                                                                                                                                                                                                                                                                    • Part of subcall function 00308B60: CryptReleaseContext.ADVAPI32(00000000,00000000,?,0032B0F4,00000000,?,34FDA007,?), ref: 00308C79
                                                                                                                                                                                                                                                                    • Part of subcall function 003091F0: GetLastError.KERNEL32(Unable to create hash context!), ref: 00309244
                                                                                                                                                                                                                                                                    • Part of subcall function 003091F0: __CxxThrowException@8.LIBVCRUNTIME ref: 0030925C
                                                                                                                                                                                                                                                                    • Part of subcall function 0030C2A0: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0030C39D
                                                                                                                                                                                                                                                                    • Part of subcall function 0030C2A0: GetLastError.KERNEL32(?,?,?,?,003222D8), ref: 0030C3A7
                                                                                                                                                                                                                                                                    • Part of subcall function 003090E0: CryptGetHashParam.ADVAPI32(?,00000004,0000800C,003084E4,00000000,34FDA007,?,?,?,00000000), ref: 00309135
                                                                                                                                                                                                                                                                    • Part of subcall function 003090E0: CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 0030917C
                                                                                                                                                                                                                                                                  • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 0030B38F
                                                                                                                                                                                                                                                                  • CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00008003), ref: 0030B3C3
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Crypt$Hash$ContextDestroyErrorLast$Exception@8ParamReleaseThrow$AcquireCreateDirectoryHeapProcessSystemlstrcat
                                                                                                                                                                                                                                                                  • String ID: $V0
                                                                                                                                                                                                                                                                  • API String ID: 2781682779-171834704
                                                                                                                                                                                                                                                                  • Opcode ID: ce2d39e5412c69694bb2d113881ec68112f933e3083e3083fadf027c3d7e0d6b
                                                                                                                                                                                                                                                                  • Instruction ID: 2d89b5f877cf4400db4039b58b4cd44c9eac2960bf43569efc85eba33f2ac34f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce2d39e5412c69694bb2d113881ec68112f933e3083e3083fadf027c3d7e0d6b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36127E31902268CBDB26DB68CC54BDDFBB4AF45314F1442DAD849A7382DB34AE85CF91
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptDestroyHash.ADVAPI32(00000000,?,?,?,00000000,00000004,?,003084E4,0000800C,34FDA007,?), ref: 0030816B
                                                                                                                                                                                                                                                                    • Part of subcall function 00308DC0: CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,34FDA007,?,?,003084E4,?,?,?,?,00321FF9,000000FF), ref: 00308E28
                                                                                                                                                                                                                                                                    • Part of subcall function 00308DC0: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00321FF9,000000FF), ref: 00308E44
                                                                                                                                                                                                                                                                    • Part of subcall function 00308DC0: CryptHashData.ADVAPI32(?,?,34FDA007,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308E5B
                                                                                                                                                                                                                                                                    • Part of subcall function 00308DC0: CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308E84
                                                                                                                                                                                                                                                                    • Part of subcall function 00308DC0: CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,00321FF9,000000FF), ref: 00308EC8
                                                                                                                                                                                                                                                                    • Part of subcall function 00308DC0: CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00321FF9,000000FF), ref: 00308EDE
                                                                                                                                                                                                                                                                    • Part of subcall function 00308DC0: CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308EEE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Crypt$Hash$Destroy$Param$ContextCreateDataRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2857581251-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(003054C2,00000008,?,34FDA007,?,00000000), ref: 00307C8C
                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00321E50), ref: 00307CB9
                                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,00000000), ref: 00307CF5
                                                                                                                                                                                                                                                                  • IsValidSid.ADVAPI32 ref: 00307D02
                                                                                                                                                                                                                                                                  • GetSidSubAuthorityCount.ADVAPI32 ref: 00307D11
                                                                                                                                                                                                                                                                  • GetSidSubAuthority.ADVAPI32(?,?), ref: 00307D1D
                                                                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00307D2F
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to open process token!), ref: 00307D58
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00307D70
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to retrieve process mandatory label!,?,0032B0F4,00000000), ref: 00307D7A
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00307D92
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to verify mandatory label!,?,0032B0F4,00000000), ref: 00307D9C
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00307DB4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Unable to retrieve process mandatory label!, xrefs: 00307D75
                                                                                                                                                                                                                                                                  • Unable to open process token!, xrefs: 00307D53
                                                                                                                                                                                                                                                                  • Unable to verify mandatory label!, xrefs: 00307D97
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorException@8LastThrowToken$AuthorityInformation$ChangeCloseCountFindNotificationOpenProcessValid
                                                                                                                                                                                                                                                                  • String ID: Unable to open process token!$Unable to retrieve process mandatory label!$Unable to verify mandatory label!
                                                                                                                                                                                                                                                                  • API String ID: 3836789619-3458634299
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 1050 301d90-301dde 1051 301de0-301de3 1050->1051 1052 301de5 1050->1052 1051->1052 1053 301dea-301df7 call 301930 1051->1053 1052->1053 1056 301f8a-301f91 1053->1056 1057 301dfd-301e0c GetObjectW 1053->1057 1058 301f96-301fb1 call 31094e 1056->1058 1057->1056 1059 301e12-301ecd LoadImageW * 2 CreatePatternBrush call 303b10 KiUserCallbackDispatcher GetSystemMetrics LoadImageW SystemParametersInfoW 1057->1059 1059->1056 1064 301ed3-301f49 call 303b10 RegisterClassExW CreateWindowExW InterlockedExchange 1059->1064 1064->1056 1067 301f4b 1064->1067 1068 301f50-301f62 KiUserCallbackDispatcher 1067->1068 1069 301f64-301f67 1068->1069 1070 301f75-301f7f 1068->1070 1069->1068 1071 301f69-301f73 DispatchMessageW 1069->1071 1070->1058 1071->1068
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00301E04
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,00000064,00000001,00000000,00000000,00000040), ref: 00301E51
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00301E6C
                                                                                                                                                                                                                                                                  • CreatePatternBrush.GDI32(00000000), ref: 00301E76
                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(00000032), ref: 00301E98
                                                                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000031), ref: 00301EA2
                                                                                                                                                                                                                                                                  • LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00301EB2
                                                                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00301EC5
                                                                                                                                                                                                                                                                  • RegisterClassExW.USER32(?), ref: 00301F0F
                                                                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,?,00000000,90080000,?,?,?,?,00000000,00000000,?,?), ref: 00301F38
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 00301F40
                                                                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00301F5A
                                                                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00301F6D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ImageLoad$CallbackCreateDispatcherSystemUser$BrushClassDispatchExchangeInfoInterlockedMessageMetricsObjectParametersPatternRegisterWindow
                                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                                  • API String ID: 2747924374-4108050209
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 1072 301020-30103c HeapSetInformation GetModuleHandleW 1073 301063-30107b SetDllDirectoryW GetModuleHandleW 1072->1073 1074 30103e-30104e GetProcAddress 1072->1074 1076 3010a2-3010ac IsProcessorFeaturePresent 1073->1076 1077 30107d-30108d GetProcAddress 1073->1077 1074->1073 1075 301050-301061 1074->1075 1075->1073 1075->1076 1078 3010c6-3010d0 call 307dc0 1076->1078 1079 3010ae-3010c0 call 303b50 ExitProcess 1076->1079 1077->1076 1080 30108f-3010a0 1077->1080 1087 3010d2-3010e4 call 303b50 ExitProcess 1078->1087 1088 3010ea call 31066e 1078->1088 1080->1076 1093 3010ef-3010f0 ExitProcess 1088->1093
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 00301029
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00301034
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00301044
                                                                                                                                                                                                                                                                  • SetDllDirectoryW.KERNEL32(003235C4), ref: 00301068
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(ntdll.dll), ref: 00301073
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LdrEnumerateLoadedModules), ref: 00301083
                                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 003010A4
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 003010C0
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 003010E4
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 003010F0
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExitProcess$AddressHandleModuleProc$DirectoryFeatureHeapInformationPresentProcessor
                                                                                                                                                                                                                                                                  • String ID: LdrEnumerateLoadedModules$SetDefaultDllDirectories$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                                                                  • API String ID: 1484830609-1451921263
                                                                                                                                                                                                                                                                  • Opcode ID: cc724bd90a7105372cec097732079ba524a688c37ca943aead969cf6eed343cc
                                                                                                                                                                                                                                                                  • Instruction ID: 2ad1d0e0ea2d4dc7e7c63251f53d46c05897bf9af989137fcd3a4b4d0e8c10a6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc724bd90a7105372cec097732079ba524a688c37ca943aead969cf6eed343cc
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD115270B82311ABD6333772EC2FB5D795CAF00F46F114414FA4AEA1D0DE989B464AA6
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 1110 303170-303199 GetWindowsDirectoryW 1111 303220-303226 GetLastError 1110->1111 1112 30319f-3031a2 1110->1112 1114 303228-30322d 1111->1114 1112->1111 1113 3031a4-3031c1 call 308ff0 ConvertStringSecurityDescriptorToSecurityDescriptorA 1112->1113 1113->1111 1120 3031c3-3031f7 wsprintfW CreateDirectoryW 1113->1120 1116 303236-303252 SetLastError call 31094e 1114->1116 1117 30322f-303230 LocalFree 1114->1117 1117->1116 1120->1114 1122 3031f9-30321e wsprintfW CreateDirectoryW 1120->1122 1122->1111 1122->1114
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000020,?,?,?), ref: 00303191
                                                                                                                                                                                                                                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU),00000001,?,00000000), ref: 003031BA
                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 003031E1
                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 003031EF
                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00303208
                                                                                                                                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,?), ref: 00303216
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?), ref: 00303220
                                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?), ref: 00303230
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,?), ref: 00303237
                                                                                                                                                                                                                                                                    • Part of subcall function 00308FF0: CryptGenRandom.ADVAPI32(00000008,00308FA9,34FDA007,?,00308FA9,0000800C,?,?,0032B0F4,00000000,?,?,?,?,00321FF9,000000FF), ref: 00309048
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU), xrefs: 003031B5
                                                                                                                                                                                                                                                                  • %c:\asw.%08x%08x, xrefs: 00303202
                                                                                                                                                                                                                                                                  • %s\Temp\asw.%08x%08x, xrefs: 003031D1
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Directory$CreateDescriptorErrorLastSecuritywsprintf$ConvertCryptFreeLocalRandomStringWindows
                                                                                                                                                                                                                                                                  • String ID: %c:\asw.%08x%08x$%s\Temp\asw.%08x%08x$D:P(A;CIOI;FA;;;SY)(A;CIOI;FA;;;BA)(A;CIOI;FRFX;;;BU)
                                                                                                                                                                                                                                                                  • API String ID: 1345463893-1526440225
                                                                                                                                                                                                                                                                  • Opcode ID: 8e277a24494c598be55cbe8309b1733a5fbf04314a7aa104bda1f449e4701b43
                                                                                                                                                                                                                                                                  • Instruction ID: ed2512bc1f2a226de24b39535cc9a22cf3a8627107456e25f093a3ffdaad22cf
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e277a24494c598be55cbe8309b1733a5fbf04314a7aa104bda1f449e4701b43
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70215171A0121CBBDB22DFE8EC85DAEBBBCEF05B41F054019F905E6150DB349A468B65
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: ASWS$ASWS$ASWS$Unable to read signature!$ig2A$ig2A
                                                                                                                                                                                                                                                                  • API String ID: 0-1997839495
                                                                                                                                                                                                                                                                  • Opcode ID: 94f16eaaaeb3540ab1a9c479f517500954577930251afe0dc50975541553624c
                                                                                                                                                                                                                                                                  • Instruction ID: d1bd43a5eeab338ff44b8b3e0e54b1d0ac7b8faae5eb29aae7b0d12a61b81993
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94f16eaaaeb3540ab1a9c479f517500954577930251afe0dc50975541553624c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67912434E012089BCF1ADFA4DDA5BEEB774FF45704F108169E4406B1C2EB359985CB95
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 1305 3081b0-3081eb GetFileSizeEx 1306 3081f1-3081f5 1305->1306 1307 308299 1305->1307 1308 308211-308226 CreateFileMappingW 1306->1308 1309 3081f7 1306->1309 1310 30829e-3082a4 GetLastError 1307->1310 1313 308228-30822d 1308->1313 1314 30822f-30824c MapViewOfFile 1308->1314 1311 308202-30820c 1309->1311 1312 3081f9-308200 1309->1312 1315 3082a5-3082bb call 307b80 call 311dca 1310->1315 1311->1315 1312->1308 1312->1311 1313->1310 1316 308255-308298 call 3082c0 UnmapViewOfFile CloseHandle call 31094e 1314->1316 1317 30824e-308253 1314->1317 1317->1310
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetFileSizeEx.KERNEL32(?,00321EF0,34FDA007,?,?,?,?,?,00000000,00321EF0,000000FF,?,003026D7,?,00000000), ref: 003081E3
                                                                                                                                                                                                                                                                  • CreateFileMappingW.KERNELBASE(?,00000000,00000002,00000000,00000000,00000000,?,?,00000000,00321EF0), ref: 0030821C
                                                                                                                                                                                                                                                                  • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,00000000,?,?,00000000,00321EF0), ref: 00308242
                                                                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000000,?,?,?,?,?,00000000,00321EF0), ref: 0030826E
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00321EF0), ref: 00308275
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to determine file size!,?,?,00000000,00321EF0,000000FF,?,003026D7,?,00000000), ref: 0030829E
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 003082B6
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$View$CloseCreateErrorException@8HandleLastMappingSizeThrowUnmap
                                                                                                                                                                                                                                                                  • String ID: Unable to determine file size!$Unable to open file mapping!$Unable to process files over 1GB!
                                                                                                                                                                                                                                                                  • API String ID: 3729524651-729644499
                                                                                                                                                                                                                                                                  • Opcode ID: 038cdb73022ff14edfe31d583bcd66354e5aa711ebd78f2a82c9eea86cc66fca
                                                                                                                                                                                                                                                                  • Instruction ID: 127275dd291c042b971b407c74b2e62ffaa8dae7b62e2127d28d404ef06781e8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 038cdb73022ff14edfe31d583bcd66354e5aa711ebd78f2a82c9eea86cc66fca
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7531E631A81618BBDB239B94EC16FEEBB7CEB44B10F10451AFA01B62C0DB7455458BA5
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindResourceW.KERNEL32(00300000,?,0000000A,.edat,00000005,?,?,?,?,00000000,?,?,00000000), ref: 00303083
                                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(00300000,00000000,?,?,00000000,?,?,00000000), ref: 00303095
                                                                                                                                                                                                                                                                  • SizeofResource.KERNEL32(00300000,00000000,?,?,00000000,?,?,00000000), ref: 003030A3
                                                                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,00000004,00000001,00000000,00000002,00000080,00000000,?,?,00000000,?,?,00000000), ref: 003030CE
                                                                                                                                                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,00000000,?,?,00000000), ref: 003030EB
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,00000000), ref: 003030F2
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Resource$File$CloseCreateFindHandleLoadSizeofWrite
                                                                                                                                                                                                                                                                  • String ID: .edat$EDAT_
                                                                                                                                                                                                                                                                  • API String ID: 2436039785-3242799629
                                                                                                                                                                                                                                                                  • Opcode ID: c198c4193eff00a3df994b8a6c1c0858400de54a2b4c35d034aaa71c8c5d22d1
                                                                                                                                                                                                                                                                  • Instruction ID: 213695423337bb2629cb8846449fa0b67142a732363bf36e5102e2cf5beaf91e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c198c4193eff00a3df994b8a6c1c0858400de54a2b4c35d034aaa71c8c5d22d1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DA1C872E012159BDF1ADF68DCA5BEEB7B9EF48300F114129E916A73D1DB305A05CBA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • POST, xrefs: 003040DD
                                                                                                                                                                                                                                                                  • &t=event&ec=microstub&ea=error&el=%08lx%08lx, xrefs: 00304061
                                                                                                                                                                                                                                                                  • &t=screenview&cd=%s, xrefs: 00304026
                                                                                                                                                                                                                                                                  • &t=event&ec=microstub&ea=ok&el=%08lx, xrefs: 00304046
                                                                                                                                                                                                                                                                  • v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s, xrefs: 00304090
                                                                                                                                                                                                                                                                  • /collect, xrefs: 003040D3
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: wsprintf$lstrlen
                                                                                                                                                                                                                                                                  • String ID: &t=event&ec=microstub&ea=error&el=%08lx%08lx$&t=event&ec=microstub&ea=ok&el=%08lx$&t=screenview&cd=%s$/collect$POST$v=1&tid=%ls&cid=%ls&aiid=%ls&an=Free&cd3=Online%s
                                                                                                                                                                                                                                                                  • API String ID: 217384638-3914808318
                                                                                                                                                                                                                                                                  • Opcode ID: 349b076c9420c8a6cbf395ebb7b845f924d36093f336d95ec0eb37935235b1ed
                                                                                                                                                                                                                                                                  • Instruction ID: 6d5b4ec3141cda8b6b7e72638d9f292e39cd99797880d1c7304319628883933e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 349b076c9420c8a6cbf395ebb7b845f924d36093f336d95ec0eb37935235b1ed
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82315CF1904219ABCB22DF64DC05B9AB7BCFF09314F004599E609E7241EB749B94CF95
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindResourceW.KERNEL32(00300000,00000001,00000010), ref: 003039D1
                                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(00300000,00000000), ref: 003039E1
                                                                                                                                                                                                                                                                  • wsprintfW.USER32 ref: 00303A32
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • %d.%d.%d.%d, xrefs: 00303A2A
                                                                                                                                                                                                                                                                  • \StringFileInfo\040904b0\Edition, xrefs: 00303A47
                                                                                                                                                                                                                                                                  • \StringFileInfo\040904b0\SubEdition, xrefs: 00303A6F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Resource$FindLoadwsprintf
                                                                                                                                                                                                                                                                  • String ID: %d.%d.%d.%d$\StringFileInfo\040904b0\Edition$\StringFileInfo\040904b0\SubEdition
                                                                                                                                                                                                                                                                  • API String ID: 1667977947-3794282237
                                                                                                                                                                                                                                                                  • Opcode ID: 16063fd23167901520fe812dc86d0fa043d531f97f4c5e7b8afc5b585fa53303
                                                                                                                                                                                                                                                                  • Instruction ID: da72dfc08c07dcd81182a3e6853425a3326de50cb12d6b4771d8ea0ee67409b7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16063fd23167901520fe812dc86d0fa043d531f97f4c5e7b8afc5b585fa53303
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD31C472A01219ABCB12DF94DC41AFFB3ACEF48310F040069F909E6181DB35DE858BA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000), ref: 003024E6
                                                                                                                                                                                                                                                                  • SetEndOfFile.KERNELBASE(?), ref: 003024F1
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 003024FB
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00302530
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(000003E8,00000000), ref: 00302554
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00000000), ref: 00302565
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$File$PointerSleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3209234422-0
                                                                                                                                                                                                                                                                  • Opcode ID: 74fc80bea29d28b93807396613bab18cc070c74b3ad2af6443cb9c9436683abf
                                                                                                                                                                                                                                                                  • Instruction ID: 7d833ec6e8eb798f13116c5c5a02bf616dfa2d5530654d25c080998d145e71af
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74fc80bea29d28b93807396613bab18cc070c74b3ad2af6443cb9c9436683abf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC316B75D01208ABDB12DFA9DCA87AEFBB8FF49710F114119E815A7290DB349941CFA4
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,?,0030B1FF), ref: 0030B73D
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000010,00000000,?,0030B1FF), ref: 0030B776
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,00000000,00000000,?,0030B1FF), ref: 0030B829
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,0030B1FF,00000000,00000000,00000000,?,0030B1FF), ref: 0030B867
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 626452242-0
                                                                                                                                                                                                                                                                  • Opcode ID: 02211e56a0b5045c5d7fa86c919ee53bb5af0a19d4faf83a29741d1015687f0d
                                                                                                                                                                                                                                                                  • Instruction ID: 31ddc2cc4368b6d720253cdc2575ab6c5017b568a420da05a7a83e12cdefdd30
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 02211e56a0b5045c5d7fa86c919ee53bb5af0a19d4faf83a29741d1015687f0d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9091A035A02209DFDB12CF68C894B9DF7B9FF84714F248559E815AB3E1DB71A902CB90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,reloc_00004190,?,00000000,?), ref: 0030444A
                                                                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00304455
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ChangeCloseCreateFindNotificationThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4060959955-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4668a89cfd5317c812f276f967f17d2e1b8101994d3e53b4e5d5d8073f63f32c
                                                                                                                                                                                                                                                                  • Instruction ID: 1100e936715fb22043e37d09d65dbe5950311665ca0a47ae6ee6214a42cab361
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4668a89cfd5317c812f276f967f17d2e1b8101994d3e53b4e5d5d8073f63f32c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8F0A770601208BFDB26DFA4EC15FAD7BB8EB04701F40405CF90A961D1DB746B85C750
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 0031A002: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003188EA,00000001,00000364,?,00312830,?,?,?,?,?,00307BBD,?), ref: 0031A043
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B3D2
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 614378929-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2264b8dc440bd836ca5efdcdcc207cde03cd0b5dfc6e4b607fc2e260d0dd6cb0
                                                                                                                                                                                                                                                                  • Instruction ID: b799e61d46f6322b8a48db54c06f7084d928105e3f5413af2b60301140f03009
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2264b8dc440bd836ca5efdcdcc207cde03cd0b5dfc6e4b607fc2e260d0dd6cb0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E001DB762003056BE7268F569C41999FBD9EB8D370F250A1DE59487280EB7068858674
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003188EA,00000001,00000364,?,00312830,?,?,?,?,?,00307BBD,?), ref: 0031A043
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                  • Opcode ID: d9a42f2f4973a37f810ed6992b1fcdf9f730204e51b176669480e92377e7041d
                                                                                                                                                                                                                                                                  • Instruction ID: d70ee747e68d1a82e8f423c202b78a8a1a4871b1be737548b3a0916e29b13c03
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d9a42f2f4973a37f810ed6992b1fcdf9f730204e51b176669480e92377e7041d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BDF0E931607D2467DB3B5A229C05ADB375CBF4DB71F158115F804DA181DA20DDC182E2
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: 51ba54ca3b5ef6dbee93de5ed0cd695fd001d93ce4adc6f971cec3d3717edfee
                                                                                                                                                                                                                                                                  • Instruction ID: 22baa3bf8449e2176f2a35fb35e25b8993430ffbfe5cf6881fe0343609f02327
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51ba54ca3b5ef6dbee93de5ed0cd695fd001d93ce4adc6f971cec3d3717edfee
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0B012BA35D2217DF10F1140BD17CB6035CC0C0F11330C43AF800C4082E4806C810031
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103A0
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: dc56c7de09bda330f2e3531ec31485a421469ce65f0c114b09c4df58783922f5
                                                                                                                                                                                                                                                                  • Instruction ID: e9ac53e48cca0c19967f1b3630c7d92d7df3d7d8fd4ead55a2ffb828533ba2db
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc56c7de09bda330f2e3531ec31485a421469ce65f0c114b09c4df58783922f5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55B092A9699211ADA12E32007806DB6021CC0C0F11320883AF04094082A48028801031
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8eea8315ec1dd993c993fc3ba4140a45f544d7da6e54bab982c27fb3fc6cf962
                                                                                                                                                                                                                                                                  • Instruction ID: 902de6980109b009b112a95a4f5449aca093c36466a67758ade2941b42ac79f9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8eea8315ec1dd993c993fc3ba4140a45f544d7da6e54bab982c27fb3fc6cf962
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57B012BD35D1216DF10F51447F17CB603DCC0C4B11730C43AF400C4183E4806C820031
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: b47217303d784e512652f3f31ca235f2b029190806086b5547398c9c784007d3
                                                                                                                                                                                                                                                                  • Instruction ID: b56e343062dd0c7c10b069de118feba258f5a7204d1d8a97deb57f7442ed4192
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b47217303d784e512652f3f31ca235f2b029190806086b5547398c9c784007d3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FB012AD35F1216DF10F51447F17CB6035CC0C4B51330C43AF400C8182E4802C830131
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: ee0e2fdde53602a74c7b24f18896ec450e3400e5d9249cb59ee1a6fadf532af0
                                                                                                                                                                                                                                                                  • Instruction ID: 332c3f870d6d63e3a9dcb03483d48f9869df1953d700ef15b4ce46809d7d3705
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee0e2fdde53602a74c7b24f18896ec450e3400e5d9249cb59ee1a6fadf532af0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47B012BA35E2216DF20F51447D17CB6039CC0C4B11330C53AF400C4182E4802CC60131
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: 78bec89d9957cd90613a1dde5c99f84905a1474010e647c2049bbf7980c09887
                                                                                                                                                                                                                                                                  • Instruction ID: 0637e3dd09dafa67706dbb1d11b3682c1e899ca8a43212d2e2ca571caa009a0e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78bec89d9957cd90613a1dde5c99f84905a1474010e647c2049bbf7980c09887
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62B012A976F1216DF10F51447D17DB6035CD4C4F15330C43AF400C4182E4802C820131
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8e4aa80cffbb6f2fb17d597e045bf18e55fa90ce03b09259d60d2c7004f72c27
                                                                                                                                                                                                                                                                  • Instruction ID: f95ba5b6a9140eb0f7c7630b7ea2c8a06076326a4c17f01b7a01104babe8a91b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e4aa80cffbb6f2fb17d597e045bf18e55fa90ce03b09259d60d2c7004f72c27
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54B012AD35D2216DF20F51447D17CB603DCC0C4B11330C53BF400C4182E4806CC50031
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: 08194943734b157f19621fc3d018576a8dc1f949d87320caae49a8d1826f2ddf
                                                                                                                                                                                                                                                                  • Instruction ID: f2c62baabcfd4a41f4eb0285e80ed8316fc943b7a1483a70b870dbab73b1b639
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08194943734b157f19621fc3d018576a8dc1f949d87320caae49a8d1826f2ddf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AAB012A935D121ADF10F51547D17CB6039CC1C4B21330C43AF800C4182E5806C810031
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
                                                                                                                                                                                                                                                                    • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 697777088-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4807594b2bc24766351176e3846ff1cb4e1c163443e7b60e2a5bbdb85259200b
                                                                                                                                                                                                                                                                  • Instruction ID: 647eb6471b6bf1f9eb3a640b35e4308b4bb0530d08b71e789fe16d760403b0bd
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4807594b2bc24766351176e3846ff1cb4e1c163443e7b60e2a5bbdb85259200b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AB012A935D121ADF11F62447D17DF7035CC1C4F11330C43AF800C4182E4806C812031
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
  • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
  • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
  • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
• String ID:
• API String ID: 697777088-0
• Opcode ID: c7f687fc679381559c2e72eb792f9edcd247b3a85a5e53f4f13d66bd665b2be9
• Instruction ID: b903a70aeba6ebf4354306a3f69f477285968c58b0ca58ba208d30f051817d0a
• Opcode Fuzzy Hash: c7f687fc679381559c2e72eb792f9edcd247b3a85a5e53f4f13d66bd665b2be9
• Instruction Fuzzy Hash: EAB012A935E121ADF10F51447D17CB6039CC1C4B11330C43AF800C4182E4802CC20131
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 003103BB
  • Part of subcall function 003078C6: DloadAcquireSectionWriteAccess.DELAYIMP ref: 003078D1
  • Part of subcall function 003078C6: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00307939
  • Part of subcall function 003078C6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?,?,?,?), ref: 0030794A
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
• String ID:
• API String ID: 697777088-0
• Opcode ID: 917da877c0961afceaad4f8cb11317d5697ddc80b7bec3cbe6538776b993ba5d
• Instruction ID: ad7e1966403cef9d64a30e7301c6b76431c3fe852eb314d7253fdd34914d2fa3
• Opcode Fuzzy Hash: 917da877c0961afceaad4f8cb11317d5697ddc80b7bec3cbe6538776b993ba5d
• Instruction Fuzzy Hash: B1B012A975D2216DF31F62447D17DB7039CC0C4F11330C53AF400C4182E4802CC51031
Uniqueness

Uniqueness Score: -1.00%

APIs
• EnumResourceNamesW.KERNELBASE(00300000,0000000A,00302B80,?,?,?,?,?), ref: 00303FD2
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: EnumNamesResource
• String ID:
• API String ID: 3334572018-0
• Opcode ID: 29175f51d622c1c1360189fae7a2509cb79d0f243a8f716ad13b287886386848
• Instruction ID: d9f63f01e858c8678544c4f9144ffc20de1fcda763b7147b6e4e41fd5e95fb14
• Opcode Fuzzy Hash: 29175f51d622c1c1360189fae7a2509cb79d0f243a8f716ad13b287886386848
• Instruction Fuzzy Hash: E5B09231285308B7CA122A91AC2AFC53B1CA705FA2F004000FA0E140D086A2A12086A6
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00308B60: lstrcatA.KERNEL32(?, (Prototype),?,34FDA007,?), ref: 00308BF6
  • Part of subcall function 00308B60: CryptAcquireContextA.ADVAPI32(?,00000000,?,00000018,F0000040,?,34FDA007,?), ref: 00308C0D
  • Part of subcall function 00308B60: CryptReleaseContext.ADVAPI32(00000000,00000000,?,34FDA007,?), ref: 00308C25
• CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?,34FDA007,?,?,003084E4,?,?,?,?,00321FF9,000000FF), ref: 00308E28
• CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00321FF9,000000FF), ref: 00308E44
• CryptHashData.ADVAPI32(?,?,34FDA007,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308E5B
• CryptGetHashParam.ADVAPI32(00000000,00000004,?,?,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308E84
• CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000,?,00000000,?,?,?,?,?,00321FF9,000000FF), ref: 00308EC8
• CryptDestroyHash.ADVAPI32(00000000,?,?,?,?,00321FF9,000000FF), ref: 00308EDE
• CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308EEE
• GetLastError.KERNEL32(Unable to create hash context!,?,?,?,?,00321FF9,000000FF), ref: 00308F17
• __CxxThrowException@8.LIBVCRUNTIME ref: 00308F2F
• GetLastError.KERNEL32(Unable to update hash context!,?,0032B0F4,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308F39
• __CxxThrowException@8.LIBVCRUNTIME ref: 00308F51
• GetLastError.KERNEL32(Unable to determine digest size!,?,0032B0F4,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308F5B
• __CxxThrowException@8.LIBVCRUNTIME ref: 00308F73
• GetLastError.KERNEL32(Unable to retrieve digest!,?,0032B0F4,00000000,?,?,?,?,00321FF9,000000FF), ref: 00308F7D
• __CxxThrowException@8.LIBVCRUNTIME ref: 00308F95
Strings
• Unable to create hash context!, xrefs: 00308F12
• Unable to update hash context!, xrefs: 00308F34
• Unable to retrieve digest!, xrefs: 00308F78
• Unable to determine digest size!, xrefs: 00308F56
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Crypt$Hash$ErrorException@8LastThrow$Context$DestroyParamRelease$AcquireCreateDatalstrcat
                                                                                                                                                                                                                                                                  • String ID: Unable to create hash context!$Unable to determine digest size!$Unable to retrieve digest!$Unable to update hash context!
                                                                                                                                                                                                                                                                  • API String ID: 827938544-872507617
                                                                                                                                                                                                                                                                  • Opcode ID: 92653b504a7b8a446fc1a8a2324ca2c445567c0815e45797ff056f103b264a1f
                                                                                                                                                                                                                                                                  • Instruction ID: 6825095d46b7031772b353333907cf05dd343eaf24bc2318ac0ae369f7c4b141
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92653b504a7b8a446fc1a8a2324ca2c445567c0815e45797ff056f103b264a1f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2512A71A01209ABDB12EFA5DC55FEEBBBCFF08700F104119F511B6190DB78AA45CB65
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptGetHashParam.ADVAPI32(?,00000004,0000800C,003084E4,00000000,34FDA007,?,?,?,00000000), ref: 00309135
                                                                                                                                                                                                                                                                  • CryptGetHashParam.ADVAPI32(?,00000002,00000000,0000800C,00000000,0000800C,00000000,?), ref: 0030917C
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to determine digest size!), ref: 003091AA
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 003091C2
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to retrieve digest!,?,0032B0F4,00000000), ref: 003091CC
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 003091E4
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Unable to retrieve digest!, xrefs: 003091C7
                                                                                                                                                                                                                                                                  • Unable to determine digest size!, xrefs: 003091A5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CryptErrorException@8HashLastParamThrow
                                                                                                                                                                                                                                                                  • String ID: Unable to determine digest size!$Unable to retrieve digest!
                                                                                                                                                                                                                                                                  • API String ID: 2498184597-199986585
                                                                                                                                                                                                                                                                  • Opcode ID: fce7937e894653cd1e8af6b77928e6408efd25d1850924f2c892fef960f9abf4
                                                                                                                                                                                                                                                                  • Instruction ID: b5acd076c7677d256c05e33af48922c364c2587beba8c15198e2c505a18eff8b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fce7937e894653cd1e8af6b77928e6408efd25d1850924f2c892fef960f9abf4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4314BB1A00209ABDB22DF94DC45FEEBBBCFF08B10F10451AF501A7280DB756A45CBA4
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                  • Opcode ID: 1cd12112e58941b1f3affeda202e4ee7fa936b1cfdcfcf5773aaaadb91e471b0
                                                                                                                                                                                                                                                                  • Instruction ID: 21f2ae55ee4045e77d2d1de953baa248aa0c115b1fc5caee8aac340c2ee1faef
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cd12112e58941b1f3affeda202e4ee7fa936b1cfdcfcf5773aaaadb91e471b0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14C23E71E086288FDB2ACE28DD407E9B7B9EB49305F1545EAD44DE7240E775AEC18F40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptHashData.ADVAPI32(?,?,?,00000000), ref: 00309282
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to update hash context!), ref: 00309297
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 003092AF
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Unable to update hash context!, xrefs: 00309292
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CryptDataErrorException@8HashLastThrow
                                                                                                                                                                                                                                                                  • String ID: Unable to update hash context!
                                                                                                                                                                                                                                                                  • API String ID: 913647941-2364437153
                                                                                                                                                                                                                                                                  • Opcode ID: efb2a62897ef19cbbe7c06daffa062a421d42d8d4817fad09a91645326cb7c25
                                                                                                                                                                                                                                                                  • Instruction ID: b1523b5d8ef12019390849adc3779518bcba6dbcda6d2b28ceb0c7f410591a0d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: efb2a62897ef19cbbe7c06daffa062a421d42d8d4817fad09a91645326cb7c25
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E048316401087BD712BF94DC06FFE776CBB04700F008559FA2595091DB32F5158795
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 0030EDD4
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0030EDDB
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?), ref: 0030EDF8
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?), ref: 0030EDFF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 003142FE
                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00314308
                                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00314315
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,?,003179C0,00000000,0032B9D8,0000000C,00317B17,00000000,00000002,00000000), ref: 00317A0B
                                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,003179C0,00000000,0032B9D8,0000000C,00317B17,00000000,00000002,00000000), ref: 00317A12
                                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00317A24
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: <K2`K2$`K2
                                                                                                                                                                                                                                                                  • API String ID: 0-2206182065
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00320FF7,?,?,00000008,?,?,00320C97,00000000), ref: 00321229
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptDestroyHash.ADVAPI32(?,34FDA007,?,?,00321E80,000000FF), ref: 00308036
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CryptDestroyHash
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 174375392-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptReleaseContext.ADVAPI32(04EE8960,00000000), ref: 003223FC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ContextCryptRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 829835001-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00308187,00000000,?,?,?,00000000,00000004,?,003084E4,0000800C,34FDA007,?), ref: 00308C98
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ContextCryptRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 829835001-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00011030,003104E5), ref: 00311027
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 95290e7383549214de5ebb12b92558689fc7f16b7fc5a84ff9e1ae2897c19957
• Instruction ID: f311876af8dd4bc243347f5f104c5ce12bf764e9e6121d0e6e5e3457c11a9bf8
• Opcode Fuzzy Hash: 95290e7383549214de5ebb12b92558689fc7f16b7fc5a84ff9e1ae2897c19957
• Instruction Fuzzy Hash: B661867160061897DE3F9AE95DA37FE238AEB4E300F16481DE882CF686DA11DDC68355
Uniqueness

Uniqueness Score: -1.00%

APIs
• DestroyWindow.USER32(?), ref: 00301362
• PostQuitMessage.USER32(00000002), ref: 0030136A
• DestroyWindow.USER32(?), ref: 00301386
• PostQuitMessage.USER32(00000000), ref: 0030138E
• DestroyWindow.USER32 ref: 003013AF
• DestroyWindow.USER32 ref: 003013BB
• DestroyWindow.USER32 ref: 003013C7
• DestroyWindow.USER32 ref: 003013D3
• DestroyWindow.USER32 ref: 003013DF
• DestroyWindow.USER32 ref: 003013EB
• DeleteObject.GDI32 ref: 003013F7
• DeleteObject.GDI32 ref: 00301403
• DeleteObject.GDI32 ref: 0030140F
• DestroyIcon.USER32 ref: 0030141B
• SystemParametersInfoW.USER32(00000029,000001F4,000001F4,00000000), ref: 00301460
• CreateFontIndirectW.GDI32(?), ref: 0030146A
• CreateFontIndirectW.GDI32(?), ref: 00301491
• CreateFontIndirectW.GDI32(?), ref: 003014B8
• LoadImageW.USER32(00000064,00000001,00000030,00000030,00000000), ref: 00301669
• CreateWindowExW.USER32(00000000,STATIC,00000000,50000003,00000010,00000010,00000030,00000030,?,00000000,00000000), ref: 00301695
• SendMessageW.USER32(00000000,00000172,00000001), ref: 003016AE
• CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000050,?,?,?,?,00000000,00000000), ref: 003016ED
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00301703
• CreateWindowExW.USER32(00000000,STATIC,?,50000000,?,?,?,?,?,00000000,00000000), ref: 00301746
• CreateWindowExW.USER32(00000000,STATIC,?,50000000,00000010,?,?,?,?,00000000,00000000), ref: 00301787
• SendMessageW.USER32(00000030,00000000), ref: 003017A2
• SendMessageW.USER32(00000030,00000000), ref: 003017B8
  • Part of subcall function 00303B10: LoadStringW.USER32(00300000,00000000,00000000,00000000), ref: 00303B35
• CreateWindowExW.USER32(00000000,BUTTON,00000000,50010001,00000010,?,?,?,?,00000000,00000000), ref: 00301810
• CreateWindowExW.USER32(00000000,BUTTON,00000000,50010000,?,?,?,?,?,00000000,00000000), ref: 00301851
• SendMessageW.USER32(00000030,00000000), ref: 0030186C
• SendMessageW.USER32(00000030,00000000), ref: 00301882
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00301898
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 003018EB
• SetFocus.USER32 ref: 003018F7
• DefWindowProcW.USER32(?,?,?,?), ref: 0030190C
Strings
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: Window$CreateDestroy$Message$Send$DeleteFontIndirectObject$InfoLoadParametersPostQuitSystem$FocusIconImageProcString
• String ID: BUTTON$STATIC
• API String ID: 2791220612-3385952364
• Opcode ID: 6930062ee6c28d65197d7ffabfa96c08b1391ea06127057710da99dba9f0128d
• Instruction ID: 1d8ee6da6e1f9ea8a6f1bdb4328520639a4953618aeefb53deff3d32b42363ec
• Opcode Fuzzy Hash: 6930062ee6c28d65197d7ffabfa96c08b1391ea06127057710da99dba9f0128d
• Instruction Fuzzy Hash: 7B02AF71A41318EFDB329F64EC59BA9BB7DFB48700F10469DF609A62A0D7716A81CF10
Uniqueness

Uniqueness Score: -1.00%

APIs
• #17.COMCTL32(34FDA007), ref: 00301C33
• LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000040), ref: 00301C6A
• LoadImageW.USER32(00000000,00007F00,00000002,00000000,00000000,00008000), ref: 00301C85
  • Part of subcall function 00303B10: LoadStringW.USER32(00300000,00000000,00000000,00000000), ref: 00303B35
• GetSystemMetrics.USER32(00000032), ref: 00301CAE
• GetSystemMetrics.USER32(00000031), ref: 00301CB8
• LoadImageW.USER32(?,00000064,00000001,00000000,00000000,00000000), ref: 00301CC7
• RegisterClassExW.USER32(?), ref: 00301CE3
• CreateWindowExW.USER32(00000000,?,00000000,90880000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00301D05
• GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00301D1B
• IsDialogMessageW.USER32(00000000,?), ref: 00301D2F
• TranslateMessage.USER32(?), ref: 00301D3D
• DispatchMessageW.USER32(?), ref: 00301D47
Strings
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: LoadMessage$Image$MetricsSystem$ClassCreateDialogDispatchRegisterStringTranslateWindow
• String ID: 0
• API String ID: 2026041735-4108050209
• Opcode ID: dce1f4f212db448da1d8fbf7777124e2da957488f4554d4af303898585d1e834
• Instruction ID: 16cae48744acf744598d842c9f9a1e82dfceb9fc255ecf6dc7bb3ad4974ee307
• Opcode Fuzzy Hash: dce1f4f212db448da1d8fbf7777124e2da957488f4554d4af303898585d1e834
• Instruction Fuzzy Hash: A5414171A41308FFEB219FA4DC5ABAEBB7CFB04710F104519F605AA2D0D7745A45CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
                                                                                                                                                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 0031B97B
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B60B
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B61D
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B62F
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B641
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B653
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B665
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B677
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B689
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B69B
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B6AD
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B6BF
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B6D1
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B5EE: _free.LIBCMT ref: 0031B6E3
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B970
                                                                                                                                                                                                                                                                    • Part of subcall function 00318B79: HeapFree.KERNEL32(00000000,00000000,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?), ref: 00318B8F
                                                                                                                                                                                                                                                                    • Part of subcall function 00318B79: GetLastError.KERNEL32(?,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?,?), ref: 00318BA1
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B992
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B9A7
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B9B2
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B9D4
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B9E7
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B9F5
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031BA00
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031BA38
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031BA3F
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031BA5C
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031BA74
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7fc78868fd75926bf9221fdf48e8b7fdd5d1e39ace85ba6cdc9ec6c7f4a8ecd6
                                                                                                                                                                                                                                                                  • Instruction ID: 8e87484d658558fe8d06eb81e134733d263f68f7d08e5b5c599c449985935750
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fc78868fd75926bf9221fdf48e8b7fdd5d1e39ace85ba6cdc9ec6c7f4a8ecd6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1314B71604304EFEB2AAB79EC45BD6B3E9EF09350F15841AE048DB2A1DF35ADD08714
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00307E60: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 00307E7B
                                                                                                                                                                                                                                                                    • Part of subcall function 00307E60: GetProcAddress.KERNEL32(00000000), ref: 00307E82
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000000C1), ref: 00305573
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,00000000), ref: 00305582
                                                                                                                                                                                                                                                                  • CreateMutexW.KERNELBASE(00000000,00000001,00000000), ref: 003055B9
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 003055C9
                                                                                                                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,00000420), ref: 003055E2
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003073C3
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003073D4
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003073E5
                                                                                                                                                                                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 00307481
                                                                                                                                                                                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 00307493
                                                                                                                                                                                                                                                                  • CreateHardLinkW.KERNEL32(?,00000000,00000000), ref: 003074CF
                                                                                                                                                                                                                                                                  • CopyFileW.KERNEL32(00000000,?,00000000), ref: 003074E7
                                                                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(?), ref: 003074F8
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 003074FF
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B50: #17.COMCTL32 ref: 00303B64
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B50: LoadStringW.USER32(00300000,000003E9,?,00000000), ref: 00303B81
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B50: LoadStringW.USER32(00300000,?,?,00000000), ref: 00303B9A
                                                                                                                                                                                                                                                                    • Part of subcall function 00303B50: MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00303BAF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Handle$Close$ExchangeInterlocked$CreateLoadMutexString_wcsrchr$AddressCopyErrorFileHardLastLinkMessageModuleProcRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3636221856-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2e8ddc3162e96bf6a7f64940dd3c345aeb7a2a5e0731a0bcd6241eeedf5e785e
                                                                                                                                                                                                                                                                  • Instruction ID: 7fe828c56f140b0aa24986c6ad4648e6e7c19d90abb5bd5844e45266f0a0d2ad
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e8ddc3162e96bf6a7f64940dd3c345aeb7a2a5e0731a0bcd6241eeedf5e785e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E515A71E162289BEB26EB60DC69FDE7778AB04704F0005E5E509A71C2DF34AF848F61
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00824049), ref: 00302034
                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00362620), ref: 00302055
                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00DBDBDA), ref: 00302067
                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00F67000), ref: 00302077
                                                                                                                                                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00302087
                                                                                                                                                                                                                                                                  • FillRect.USER32(?,?), ref: 003020D0
                                                                                                                                                                                                                                                                  • FillRect.USER32(?,?), ref: 003020FA
                                                                                                                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 00302107
                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(003F382C), ref: 0030213D
                                                                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00FF9640), ref: 00302179
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: BrushCreateSolid$FillPaintRect$Begin
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2220257389-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00318755
                                                                                                                                                                                                                                                                    • Part of subcall function 00318B79: HeapFree.KERNEL32(00000000,00000000,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?), ref: 00318B8F
                                                                                                                                                                                                                                                                    • Part of subcall function 00318B79: GetLastError.KERNEL32(?,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?,?), ref: 00318BA1
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00318761
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031876C
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00318777
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00318782
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031878D
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00318798
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 003187A3
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 003187AE
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 003187BC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2), ref: 00307E7B
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00307E82
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?), ref: 00307EB1
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Unable to determine native architecture of the system!, xrefs: 00307EE1
                                                                                                                                                                                                                                                                  • kernel32, xrefs: 00307E76
                                                                                                                                                                                                                                                                  • IsWow64Process2, xrefs: 00307E71
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                                                                                  • String ID: IsWow64Process2$Unable to determine native architecture of the system!$kernel32
                                                                                                                                                                                                                                                                  • API String ID: 4190356694-2412497375
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                  • String ID: Je1$Je1$Je1
                                                                                                                                                                                                                                                                  • API String ID: 1036877536-332533185
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00301115
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 0030111F
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000100), ref: 00301157
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 0030115E
                                                                                                                                                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00000000,00000060), ref: 0030116D
                                                                                                                                                                                                                                                                  • lstrcpyW.KERNEL32(?,\b86362a5.exe), ref: 00301187
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$AllocProcess$DirectorySystemlstrcpy
                                                                                                                                                                                                                                                                  • String ID: \b86362a5.exe
                                                                                                                                                                                                                                                                  • API String ID: 2190664303-3123522761
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,?,?,?,?,00318E8B,00000001,00000001,8B000053), ref: 00318C94
                                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00318CCC
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00318E8B,00000001,00000001,8B000053,34FDA007,?,?), ref: 00318D1A
                                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00318DB1
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,34FDA007,8B000053,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00318E14
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00318E21
                                                                                                                                                                                                                                                                    • Part of subcall function 00318BB3: HeapAlloc.KERNEL32(00000000,?,?,?,00312830,?,?,?,?,?,00307BBD,?,?), ref: 00318BE5
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00318E2A
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00318E4F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2597970681-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0031F3E2,00000000,00000000,00000000,00000000,00000000,?), ref: 0031ECAF
                                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 0031ED2A
                                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 0031ED45
                                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0031ED6B
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000000,0031F3E2,00000000,?,?,?,?,?,?,?,?,?,0031F3E2,00000000), ref: 0031ED8A
                                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,00000001,0031F3E2,00000000,?,?,?,?,?,?,?,?,?,0031F3E2,00000000), ref: 0031EDC3
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00311B3B
                                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00311B43
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00311BD1
                                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00311BFC
                                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00311C51
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___from_strstr_to_strchr.LIBCMT ref: 0030D6AA
                                                                                                                                                                                                                                                                    • Part of subcall function 00307B80: ___std_exception_copy.LIBVCRUNTIME ref: 00307BB8
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0030D737
                                                                                                                                                                                                                                                                    • Part of subcall function 00311DCA: RaiseException.KERNEL32(?,?,Q~0,?,?,?,?,?,?,?,?,00307E51,?,0032B0F4,00000000), ref: 00311E2A
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 0030D752
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Exception@8Throw$ExceptionRaise___from_strstr_to_strchr___std_exception_copy
                                                                                                                                                                                                                                                                  • String ID: 0123456789ABCDEF$Unable to convert invalid hexadecimal character!$Unable to convert invalid hexadecimal string!
                                                                                                                                                                                                                                                                  • API String ID: 2723989866-230084144
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FindResourceW.KERNEL32(00300000,EDAT_ECOO,0000000A), ref: 00303274
                                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(00300000,00000000), ref: 0030328B
                                                                                                                                                                                                                                                                  • SizeofResource.KERNEL32(00300000,00000000), ref: 00303299
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Resource$FindLoadSizeof
                                                                                                                                                                                                                                                                  • String ID: $@$EDAT_ECOO
                                                                                                                                                                                                                                                                  • API String ID: 507330600-2393187713
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 0031B755: _free.LIBCMT ref: 0031B77E
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B7DF
                                                                                                                                                                                                                                                                    • Part of subcall function 00318B79: HeapFree.KERNEL32(00000000,00000000,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?), ref: 00318B8F
                                                                                                                                                                                                                                                                    • Part of subcall function 00318B79: GetLastError.KERNEL32(?,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?,?), ref: 00318BA1
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B7EA
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B7F5
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B849
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B854
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B85F
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B86A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00312D81,00311FA5), ref: 00312D98
                                                                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00312DA6
                                                                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00312DBF
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,00312D81,00311FA5), ref: 00312E11
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00314BA1,?,?,?,00315079,34FDA007,00000000,?,0030D6A4,0123456789ABCDEF,34FDA007,?,?,00000000), ref: 00318839
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031886C
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00318894
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00315079,34FDA007,00000000,?,0030D6A4,0123456789ABCDEF,34FDA007,?,?,00000000,003084C2), ref: 003188A1
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00315079,34FDA007,00000000,?,0030D6A4,0123456789ABCDEF,34FDA007,?,?,00000000,003084C2), ref: 003188AD
                                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 003188B3
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                  • Opcode ID: 94090d68d52947cac3a9f183b1c7f4e7b1ea873d219f5e8cb4b72ec83526a7c4
                                                                                                                                                                                                                                                                  • Instruction ID: 9cb73f0c0e7cbaf4eaf06e277871fc920e1de994f20a6e0f0b6a4f807bb16635
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94090d68d52947cac3a9f183b1c7f4e7b1ea873d219f5e8cb4b72ec83526a7c4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2EF0A4356447002AC22F3328BC46EDB252D9BCE761F654128F525DA2E6EF2588C34128
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to decode base64 string!), ref: 00308D77
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00308D8F
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(Unable to decode base64 string!,?,0032B0F4,00000000), ref: 00308D99
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00308DB1
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorException@8LastThrow
                                                                                                                                                                                                                                                                  • String ID: Unable to decode base64 string!
                                                                                                                                                                                                                                                                  • API String ID: 1006195485-979745446
                                                                                                                                                                                                                                                                  • Opcode ID: 781f43ef857b61ca26f68b6011652bf32cf90c533acc0bc201b4a1ae22a534e8
                                                                                                                                                                                                                                                                  • Instruction ID: d7cb81b3e99fd4be8d676bb5ceb390d335f5391e3b5210a3bc0c7ec0ab4983dc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 781f43ef857b61ca26f68b6011652bf32cf90c533acc0bc201b4a1ae22a534e8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F314A71A40219BBDB22DF95DC46FEEB7B8FB08B10F104119F511A72C0DBB46545CB65
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00303BD5
                                                                                                                                                                                                                                                                    • Part of subcall function 0031032D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00310339
                                                                                                                                                                                                                                                                    • Part of subcall function 0031032D: __CxxThrowException@8.LIBVCRUNTIME ref: 00310347
                                                                                                                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00303BE5
                                                                                                                                                                                                                                                                    • Part of subcall function 0031034D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00310359
                                                                                                                                                                                                                                                                    • Part of subcall function 0031034D: __CxxThrowException@8.LIBVCRUNTIME ref: 00310367
                                                                                                                                                                                                                                                                    • Part of subcall function 0031034D: ___delayLoadHelper2@8.DELAYIMP ref: 0031037F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Exception@8ThrowXinvalid_argumentstd::_std::invalid_argument::invalid_argument$Helper2@8Load___delay
                                                                                                                                                                                                                                                                  • String ID: invalid string_view position$string too long$vector<T> too long
                                                                                                                                                                                                                                                                  • API String ID: 1134749845-2832074639
                                                                                                                                                                                                                                                                  • Opcode ID: ce0961231b02cc161bd89fe76123a7f6c614043694f2b8db4574ae3a806ee7df
                                                                                                                                                                                                                                                                  • Instruction ID: 3fb91ee2ea4d00440a3ae2e71f4f47c45e59a177693dad15c96a8a4588141a64
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce0961231b02cc161bd89fe76123a7f6c614043694f2b8db4574ae3a806ee7df
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BF05CB12002084BE70EF774AC179E833899D493307200B2AF435CE4E2CBA4DBC54101
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00317A20,00000000,?,003179C0,00000000,0032B9D8,0000000C,00317B17,00000000,00000002), ref: 00317A8F
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00317AA2
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00317A20,00000000,?,003179C0,00000000,0032B9D8,0000000C,00317B17,00000000,00000002), ref: 00317AC5
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                  • Opcode ID: f473d63633ce6d59dbd4acbf08afdc52668ccd6bad533094bd36e16dc55cf3d7
                                                                                                                                                                                                                                                                  • Instruction ID: 1cac1751d1041afa2c91408c8fe4cb5ca041cb42a7ae9eb504706db98cd928b3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f473d63633ce6d59dbd4acbf08afdc52668ccd6bad533094bd36e16dc55cf3d7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7DF04F30A14218BBDB27AF94EC19BDEBFB8EF08711F054168F805A6260DB755F81CA90
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 269201875-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(34FDA007,00000000,8B000053,0030D6A4,00000000,00000000,?,?,?,34FDA007,00000001,0030D6A4,8B000053,00000001,?,?), ref: 00319E5A
                                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00319E92
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00319EE3
                                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00319EF5
                                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00319EFE
                                                                                                                                                                                                                                                                    • Part of subcall function 00318BB3: HeapAlloc.KERNEL32(00000000,?,?,?,00312830,?,?,?,?,?,00307BBD,?,?), ref: 00318BE5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1857427562-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00314F13,00318BF6,?,?,00312830,?,?,?,?,?,00307BBD,?,?), ref: 003188BE
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 003188F3
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031891A
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?), ref: 00318927
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?), ref: 00318930
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B704
                                                                                                                                                                                                                                                                    • Part of subcall function 00318B79: HeapFree.KERNEL32(00000000,00000000,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?), ref: 00318B8F
                                                                                                                                                                                                                                                                    • Part of subcall function 00318B79: GetLastError.KERNEL32(?,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?,?), ref: 00318BA1
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B716
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B728
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B73A
                                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 0031B74C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

APIs
• _free.LIBCMT ref: 003181FE
  • Part of subcall function 00318B79: HeapFree.KERNEL32(00000000,00000000,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?), ref: 00318B8F
  • Part of subcall function 00318B79: GetLastError.KERNEL32(?,?,0031B783,?,00000000,?,00000000,?,0031B7AA,?,00000007,?,?,0031BACF,?,?), ref: 00318BA1
• _free.LIBCMT ref: 00318210
• _free.LIBCMT ref: 00318223
• _free.LIBCMT ref: 00318234
• _free.LIBCMT ref: 00318245
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\_.exe,00000104), ref: 003172D9
• _free.LIBCMT ref: 003173A4
• _free.LIBCMT ref: 003173AE
Strings
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\_.exe
• API String ID: 2506810119-4281909244
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetVersionExW.KERNEL32(?), ref: 00307DE4
• GetLastError.KERNEL32(Unable to determine the operating system version!), ref: 00307E2E
• __CxxThrowException@8.LIBVCRUNTIME ref: 00307E4C
Strings
• Unable to determine the operating system version!, xrefs: 00307E29
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: ErrorException@8LastThrowVersion
• String ID: Unable to determine the operating system version!
• API String ID: 2663129220-661432720
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetDC.USER32(?), ref: 00301206
• SelectObject.GDI32(00000000,?), ref: 00301214
• GetTextExtentPoint32W.GDI32(?,00000000,-00000002,?), ref: 0030128F
• ReleaseDC.USER32(?,?), ref: 003012D5
Memory Dump Source
• Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
• Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_300000__.jbxd
Similarity
• API ID: ExtentObjectPoint32ReleaseSelectText
• String ID:
• API String ID: 4006923989-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • ___BuildCatchObject.LIBVCRUNTIME ref: 0031305C
                                                                                                                                                                                                                                                                    • Part of subcall function 00312FA9: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00312FD8
                                                                                                                                                                                                                                                                    • Part of subcall function 00312FA9: ___AdjustPointer.LIBCMT ref: 00312FF3
                                                                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 00313071
                                                                                                                                                                                                                                                                  • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00313082
                                                                                                                                                                                                                                                                  • CallCatchBlock.LIBVCRUNTIME ref: 003130AA
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 737400349-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4dbbf62a230ce864b2bb52b0cfdce793e84e64ee971ad292059bf22fa32e6a78
                                                                                                                                                                                                                                                                  • Instruction ID: 9b225a0ec38af25568533ebb3f2a6bf4ced4d4463fe81babcc28bbf9ae16f4de
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4dbbf62a230ce864b2bb52b0cfdce793e84e64ee971ad292059bf22fa32e6a78
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE014C72100108BBDF176E95CC41EEB7B69EF5C754F054118FE486A121C732E9A1DBA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,0031AF0B,?,00000000,00000000,00000000,?,0031B108,00000006,FlsSetValue), ref: 0031AF96
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,0031AF0B,?,00000000,00000000,00000000,?,0031B108,00000006,FlsSetValue,00326DB8,FlsSetValue,00000000,00000364,?,00318907), ref: 0031AFA2
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0031AF0B,?,00000000,00000000,00000000,?,0031B108,00000006,FlsSetValue,00326DB8,FlsSetValue,00000000), ref: 0031AFB0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                  • Opcode ID: e63c806524cf43a6179e3896c7cfe0f0e90246927ea6d80296b1921693ab3218
                                                                                                                                                                                                                                                                  • Instruction ID: d6504b16b3ec968bee0d7758b74f3a3d7e824cc072fd2a4e0c191548818fe3ea
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e63c806524cf43a6179e3896c7cfe0f0e90246927ea6d80296b1921693ab3218
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F01F772606B2AABC7375A79AC44A97779CEF0CBA2F110628F906D3240D724D943C6E1
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0032DA30,?,?,0030218E,0032D97C), ref: 0031081A
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0032DA30,?,0030218E,0032D97C), ref: 0031084D
                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(00000000,0032D97C), ref: 003108DB
                                                                                                                                                                                                                                                                  • ResetEvent.KERNEL32 ref: 003108E7
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalEventSection$EnterLeaveReset
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3553466030-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6eb267bb05c7afcfbb99a4887de748fb950bf4cf5f293be382860e9b86319235
                                                                                                                                                                                                                                                                  • Instruction ID: fdee578318f3849235ded2e97325b7c8e5ad660dc6e05eb72bb19317d3048fcd
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6eb267bb05c7afcfbb99a4887de748fb950bf4cf5f293be382860e9b86319235
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF012C31A04224DBCB2BAF64FC49D94776CFB49311F11402DE80697730CB746953CB94
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • #17.COMCTL32 ref: 00303B64
                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00300000,000003E9,?,00000000), ref: 00303B81
                                                                                                                                                                                                                                                                  • LoadStringW.USER32(00300000,?,?,00000000), ref: 00303B9A
                                                                                                                                                                                                                                                                  • MessageBoxExW.USER32(00000000,00000000,00000000,00000010,00000409), ref: 00303BAF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LoadString$Message
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2278601591-0
                                                                                                                                                                                                                                                                  • Opcode ID: 033c695c724e022efd2f585ce5026353d3c0f0e6dc76ce6ccf890881ffce21b3
                                                                                                                                                                                                                                                                  • Instruction ID: 87c6b177a55fbc3517e35b7515300802be0d5f2a963f26f0b537ae39ecf40fa2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 033c695c724e022efd2f585ce5026353d3c0f0e6dc76ce6ccf890881ffce21b3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DF0FF75A45308BBDB119F94DD06BDDBB7CEF08711F004099FA05A61D0DBB41A458F95
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __CxxThrowException@8.LIBVCRUNTIME ref: 00308A1A
                                                                                                                                                                                                                                                                    • Part of subcall function 0030FA10: GetProcessHeap.KERNEL32(00000000,?,?,?,?,00000000), ref: 0030FA53
                                                                                                                                                                                                                                                                    • Part of subcall function 0030FA10: HeapFree.KERNEL32(00000000), ref: 0030FA5A
                                                                                                                                                                                                                                                                    • Part of subcall function 0030EB30: GetProcessHeap.KERNEL32(00000000,8B55CCCC,00308086,?,003087D1,?,?,?), ref: 0030EB57
                                                                                                                                                                                                                                                                    • Part of subcall function 0030EB30: HeapFree.KERNEL32(00000000,?,?), ref: 0030EB5E
                                                                                                                                                                                                                                                                    • Part of subcall function 0030F860: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0030F9C6
                                                                                                                                                                                                                                                                    • Part of subcall function 0030F860: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0030F9CD
                                                                                                                                                                                                                                                                    • Part of subcall function 0030F860: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0030F9ED
                                                                                                                                                                                                                                                                    • Part of subcall function 0030F860: HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0030F9F4
                                                                                                                                                                                                                                                                    • Part of subcall function 0030E1F0: GetProcessHeap.KERNEL32(00000000,00000001), ref: 0030EA00
                                                                                                                                                                                                                                                                    • Part of subcall function 0030E1F0: HeapFree.KERNEL32(00000000), ref: 0030EA07
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • Unable to read digest or signature!, xrefs: 003089E7
                                                                                                                                                                                                                                                                  • Unable to initialize DSA parameters!, xrefs: 003089F0
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$FreeProcess$Exception@8Throw
                                                                                                                                                                                                                                                                  • String ID: Unable to initialize DSA parameters!$Unable to read digest or signature!
                                                                                                                                                                                                                                                                  • API String ID: 786774151-2226104879
                                                                                                                                                                                                                                                                  • Opcode ID: 77154600e56e7c5a33b828bd23c18503544295837f7a2a8b969d614a36378c74
                                                                                                                                                                                                                                                                  • Instruction ID: c7c1d59dc53367590344f6eb38ae7f5561b151756be7523dce65a4890fa62125
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77154600e56e7c5a33b828bd23c18503544295837f7a2a8b969d614a36378c74
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4B1CE72D0121CAADF52EBE4DC55BDFB3BDAF08304F054566E949E6182EB30E684CB51
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 003114FC: GetLastError.KERNEL32 ref: 0031150E
                                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,0030100A), ref: 003114A3
                                                                                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0030100A), ref: 003114B2
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 003114AD
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                  • API String ID: 389471666-631824599
                                                                                                                                                                                                                                                                  • Opcode ID: e5f9c7eb81e1b0578a0d96cfc89154a02fa7d2b3084ab9fde3bc59a0eb27e6ee
                                                                                                                                                                                                                                                                  • Instruction ID: 91e20077a2bbefeb173b2c98d6395018aea7e4fbbb98a00edbd695ee6b2b86fa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5f9c7eb81e1b0578a0d96cfc89154a02fa7d2b3084ab9fde3bc59a0eb27e6ee
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAE092702007118FD337AF25E5047D27AF8AF18B04F008D1DE555C7241DBB8E5858FA1
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0030F9C6
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0030F9CD
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,-00000002), ref: 0030F9ED
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,-00000002), ref: 0030F9F4
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                  • Opcode ID: 14f5b9b491f36f8ae84e7073d56f5d35c1c8c7f94465503e376b1922e34741a2
                                                                                                                                                                                                                                                                  • Instruction ID: eaeda95eebe0084d78a12e38238b5e7a266a3701374b5794cef70d3d9a357009
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14f5b9b491f36f8ae84e7073d56f5d35c1c8c7f94465503e376b1922e34741a2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0851A271E01219AFCB22DF94C890BEEB7B8FF09314F054169E804AB391D775AE45CBA0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000004,?,?,?,0030FA8D,?,00000000,?,?,?,00000000), ref: 0030F5B4
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,0030FA8D,?,00000000,?,?,?,00000000), ref: 0030F5BB
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,0030FA8D,?,00000000,?,?,?,00000000), ref: 0030F5FA
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000), ref: 0030F601
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$AllocFree
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 756756679-0
                                                                                                                                                                                                                                                                  • Opcode ID: befeee577a3d75174eff43be5db041eb964457aaa0cffc8032539f02cf21fda0
                                                                                                                                                                                                                                                                  • Instruction ID: e428dcc16bba562b18cb3a77d6e117b56f8a2ea45030f3df03abbd5bfcacaac7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: befeee577a3d75174eff43be5db041eb964457aaa0cffc8032539f02cf21fda0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7511BFB2601511BBD7229F28DC06B96F768FF44364F048625F919DBA90C732E961C7D0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,0030FA7E,?,?,?,?,?,00000000), ref: 0030EE43
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,0030FA7E,?,?,?,?,?,00000000), ref: 0030EE4A
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,0030FA7E,?,?,?,?,?,00000000), ref: 0030EE82
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,00000000), ref: 0030EE89
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.3498637412.0000000000301000.00000020.00000001.01000000.00000003.sdmp, Offset: 00300000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498575862.0000000000300000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498730818.0000000000323000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498771675.000000000032D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.3498851979.0000000000330000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_300000__.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$AllocFree
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 756756679-0
                                                                                                                                                                                                                                                                  • Opcode ID: 41369c8d667ceb845bae069877fa189eed8539ab511a74762c904f5f1f0ad5ae
                                                                                                                                                                                                                                                                  • Instruction ID: a605bc7622b717f27556573c4e42678688d15a0d2ab9edc62265bac8d423912d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41369c8d667ceb845bae069877fa189eed8539ab511a74762c904f5f1f0ad5ae
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14019271601605AFE722AF59DC45A67B7ACEB40720F04892EF55EC6550D734EC40C7A0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                  Execution Coverage:5.8%
                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                                  Total number of Nodes:481
                                                                                                                                                                                                                                                                  Total number of Limit Nodes:27

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
• Associated: 00000001.00000002.3504194537.00007FF6C78C0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504464720.00007FF6C7A35000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504505462.00007FF6C7A37000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504535132.00007FF6C7A3A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504563927.00007FF6C7A40000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressFeatureHandleModulePresentProcProcessor
                                                                                                                                                                                                                                                                  • String ID: LdrEnumerateLoadedModules$asw::main::impl::at_exit_action_node::action_failed_exception::action_failed_exception: atexit action throws exception!$ntdll
                                                                                                                                                                                                                                                                  • API String ID: 431857297-521359223
                                                                                                                                                                                                                                                                  • Opcode ID: dd8f60824a193151926e75dd87d3c1fda839cd61a075ad9d69e9516f9280571c
                                                                                                                                                                                                                                                                  • Instruction ID: 8e7ab42ab3311d24066c852c80196a3dfcc555e2b53976c5051970fa26127ac3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd8f60824a193151926e75dd87d3c1fda839cd61a075ad9d69e9516f9280571c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D631A922E0D64386FB54AF62E5513B926A4EF45792F840138E6CEC77D3DE2CE554C381
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,?,00007FF6C79A16BD,?,?,?,?,00007FF6C797701C,?,?,00000000,00007FF6C7976CEE), ref: 00007FF6C79A427F
                                                                                                                                                                                                                                                                  • GetProcAddressForCaller.KERNELBASE(?,?,?,?,00007FF6C79A16BD,?,?,?,?,00007FF6C797701C,?,?,00000000,00007FF6C7976CEE), ref: 00007FF6C79A428B
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.3504194537.00007FF6C78C0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.3504464720.00007FF6C7A35000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.3504505462.00007FF6C7A37000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.3504535132.00007FF6C7A3A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  • Associated: 00000001.00000002.3504563927.00007FF6C7A40000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressCallerFreeLibraryProc
                                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                  • API String ID: 3520295827-537541572
                                                                                                                                                                                                                                                                  • Opcode ID: c3e8b629507090b9d7be623ded371ebec7ff601412032955322ca3ea2833716f
                                                                                                                                                                                                                                                                  • Instruction ID: d49ba4f60fe6a5c0ebea3b751ca0af1f40343205e0511882ac68a5a5f90ac75e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3e8b629507090b9d7be623ded371ebec7ff601412032955322ca3ea2833716f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF41F422B1AA0381FA11DF5AAC0027563E2BF54BE2F494139DDADCB796EE3CE4458340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 73155330-0
                                                                                                                                                                                                                                                                  • Opcode ID: 113e40f9eb7e9e0fb765bd804c135985abb7408d6853805f65643cee1f210179
                                                                                                                                                                                                                                                                  • Instruction ID: 2e6893b4d29524565e9f051b113c9e2d078ba8db2ce7cc00ac57164e31f165ba
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 113e40f9eb7e9e0fb765bd804c135985abb7408d6853805f65643cee1f210179
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89F08C92F1B60389EC48BB6A84A623916905F84763F900B31E3AE857C6EE2CE0924700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7cce1e5d19ecc07bcb5535780537d9057b18c88148151df04d71f5359e43c3d3
                                                                                                                                                                                                                                                                  • Instruction ID: d2ef545b9d46ecad84a245f59897e83b08f00d96de2a5e12c30d551e281f70bc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cce1e5d19ecc07bcb5535780537d9057b18c88148151df04d71f5359e43c3d3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FEE0EC90E1E20752F9682FA3155687902840F593B3F2C1B31DAFEC96C3FD1CB4524154
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLanguagesLastPreferredRestoreThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 588628887-0
                                                                                                                                                                                                                                                                  • Opcode ID: e64f3f595fc15bf38720328d9ed4b57487a68eb9fb9313cf6daf3d051aefbe32
                                                                                                                                                                                                                                                                  • Instruction ID: 6ce88981195a74ac94b816e962929498ca399bd2f8040db8b40b4009cd8276dc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e64f3f595fc15bf38720328d9ed4b57487a68eb9fb9313cf6daf3d051aefbe32
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33E01241F1A64386FF186FF2984913611615FB8793F544034C98DC7293EE1CA9D48244
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 127 7ff6c78cc040-7ff6c78cc057 128 7ff6c78cc08a-7ff6c78cc0a0 127->128 129 7ff6c78cc059-7ff6c78cc06b 127->129 130 7ff6c78cc085 call 7ff6c7978ba8 129->130 131 7ff6c78cc06d-7ff6c78cc080 129->131 130->128 132 7ff6c78cc082 131->132 133 7ff6c78cc0a1-7ff6c78cc0c2 call 7ff6c7988a60 131->133 132->130 133->127
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504194537.00007FF6C78C0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504464720.00007FF6C7A35000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504505462.00007FF6C7A37000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504535132.00007FF6C7A3A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504563927.00007FF6C7A40000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                                  • Opcode ID: a8ad2e2410ad245744a909b91108001c5fbc68aaf7b4fbf9447c73672d962e9c
                                                                                                                                                                                                                                                                  • Instruction ID: 2196fc996b35c2ae6b8ac6635e58cda74cf4f0d99e37251f9bb7b68e8e578d9a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8ad2e2410ad245744a909b91108001c5fbc68aaf7b4fbf9447c73672d962e9c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BF0C8B1B25786D1EB04EF3AD08532D23A1EB44B8AF508031DBCD86A4ADF7CD5E08740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6C79A2BFA,?,?,?,00007FF6C799571D,?,?,?,?,00007FF6C79A2E18), ref: 00007FF6C79A3005
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504194537.00007FF6C78C0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504464720.00007FF6C7A35000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504505462.00007FF6C7A37000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504535132.00007FF6C7A3A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504563927.00007FF6C7A40000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                  • Opcode ID: 3fdd6eab09de938825e1d38bdbf211b8db5cea1d69b3d13befd58bad4c215daf
                                                                                                                                                                                                                                                                  • Instruction ID: e7c7d3e9870755f6571136358c24f93cb1675684c12ec55fcddd14954028434e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fdd6eab09de938825e1d38bdbf211b8db5cea1d69b3d13befd58bad4c215daf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82F0B415F0B20345FE549FA258013B512A5AF99BE6F0C4431CD8ECB3C3DE2CE5809221
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,?,?,00007FF6C79A866D,?,?,00000000,00007FF6C79A2663,?,?,?,00007FF6C79A207F,?,?,?,00007FF6C79A1F75), ref: 00007FF6C79A2DC2
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504194537.00007FF6C78C0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504464720.00007FF6C7A35000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504505462.00007FF6C7A37000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504535132.00007FF6C7A3A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504563927.00007FF6C7A40000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0b1020424cecb39bed94fcbabcea1f7f5295cbe6e883ee52df47b61afa3af6d0
                                                                                                                                                                                                                                                                  • Instruction ID: 7f0643b6f01a22d12aaaab40122adc3b15d579e660d27f5fbc2ceb070b91a981
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b1020424cecb39bed94fcbabcea1f7f5295cbe6e883ee52df47b61afa3af6d0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0F03016F5E20749FE54AFB158052B512915FD57F6F088630DDAEC63C7DE2CE4808322
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504194537.00007FF6C78C0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504464720.00007FF6C7A35000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504505462.00007FF6C7A37000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504535132.00007FF6C7A3A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504563927.00007FF6C7A40000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3140674995-0
                                                                                                                                                                                                                                                                  • Opcode ID: bce1a87e6b3a1a5fc249787ee806e8b5f1e0d901e6af8faf1dd568f01602fd43
                                                                                                                                                                                                                                                                  • Instruction ID: c410c78e07945e1d56d8653003996120979a9b574c1366677d182a5331cfc5e4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bce1a87e6b3a1a5fc249787ee806e8b5f1e0d901e6af8faf1dd568f01602fd43
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09315E76609B828AEB608FA4E8403ED7374FB94745F44403ADA8E87B96EF3CD548C714
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504194537.00007FF6C78C0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504464720.00007FF6C7A35000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504505462.00007FF6C7A37000.00000008.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504535132.00007FF6C7A3A000.00000004.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                   • Associated: 00000001.00000002.3504563927.00007FF6C7A40000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7ebc3e740caaa38044f504a66d7389bfab10c03e195e7626b7c764adefabef52
                                                                                                                                                                                                                                                                  • Instruction ID: db1e1f7dc0a036f85f719ec46e5c632593566e1b9b51342712ef806ac10e8e64
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ebc3e740caaa38044f504a66d7389bfab10c03e195e7626b7c764adefabef52
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B319236618F8286EB60CF65E8406AE73A4FB88795F540136EADD83B96DF3CD545CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast$AllocateHeapLanguagesPreferredRestoreThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 356650666-0
                                                                                                                                                                                                                                                                  • Opcode ID: dbe2babdb4441d30f5caca363ea9759d5c9a7f340d1b4e2f6175bf11e913039c
                                                                                                                                                                                                                                                                  • Instruction ID: cfe201a4b928418891208f52e0a11eb0b264948061dc0782d00e578420f07d7d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbe2babdb4441d30f5caca363ea9759d5c9a7f340d1b4e2f6175bf11e913039c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55419F20E0E24346FA6CAF79551117922925F857B2F148B35E8BECB7E7EE2CF4014602
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6C7987506,?,?,?,00007FF6C79871C0,?,?,?,00007FF6C797BDE9), ref: 00007FF6C79872D9
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6C7987506,?,?,?,00007FF6C79871C0,?,?,?,00007FF6C797BDE9), ref: 00007FF6C79872E7
                                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF6C7987506,?,?,?,00007FF6C79871C0,?,?,?,00007FF6C797BDE9), ref: 00007FF6C7987311
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF6C7987506,?,?,?,00007FF6C79871C0,?,?,?,00007FF6C797BDE9), ref: 00007FF6C798737F
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6C7987506,?,?,?,00007FF6C79871C0,?,?,?,00007FF6C797BDE9), ref: 00007FF6C798738B
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                                  • Opcode ID: 562e4862db9cea0dee6eeb492764c21e552bd9b73d6d80741240bdd4eb1b1bc6
                                                                                                                                                                                                                                                                  • Instruction ID: 2c7dfbfe5f263df800ecac723cea05ebda90dbc3eddfdff7877ed1fede55683d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 562e4862db9cea0dee6eeb492764c21e552bd9b73d6d80741240bdd4eb1b1bc6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F31D421A0A74391EE15DF62E84057823E4FF18BA2F090536DD9D87356DF3CE4408301
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                  • Opcode ID: f436f3598382d4eae56956204aea27485fc900eea33688375395fea7cb0cb7b6
                                                                                                                                                                                                                                                                  • Instruction ID: 9c6d0b142cbde00801a4046813222f91c34bc4abcc148b31dd6fe36eddae9027
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f436f3598382d4eae56956204aea27485fc900eea33688375395fea7cb0cb7b6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2511D032B18A8286E3509F56E844339A3B1FB98FE2F104234EA9DC37A5CF7CD4048744
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF6C799571D,?,?,?,?,00007FF6C79A2E18), ref: 00007FF6C79A2BA7
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6C799571D,?,?,?,?,00007FF6C79A2E18), ref: 00007FF6C79A2BDD
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6C799571D,?,?,?,?,00007FF6C79A2E18), ref: 00007FF6C79A2C0A
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6C799571D,?,?,?,?,00007FF6C79A2E18), ref: 00007FF6C79A2C1B
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6C799571D,?,?,?,?,00007FF6C79A2E18), ref: 00007FF6C79A2C2C
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF6C799571D,?,?,?,?,00007FF6C79A2E18), ref: 00007FF6C79A2C47
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                  • Opcode ID: c592814a99e0edc173d9e17e2226b0f33bc7a94577893a3ee8a32aa5925379e5
                                                                                                                                                                                                                                                                  • Instruction ID: 95e532ef7e4736f9c0a011029d19317385c4cb5f36a6f7e004fe5187e3955c4e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c592814a99e0edc173d9e17e2226b0f33bc7a94577893a3ee8a32aa5925379e5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE116D21E0E24342FA586F399A4503961A26F887F2F548735E8BEC76E7EE2CF4414702
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF6C79886FF,?,?,00000000,00007FF6C798899A,?,?,?,?,?,00007FF6C7988926), ref: 00007FF6C79A2C7F
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6C79886FF,?,?,00000000,00007FF6C798899A,?,?,?,?,?,00007FF6C7988926), ref: 00007FF6C79A2C9E
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6C79886FF,?,?,00000000,00007FF6C798899A,?,?,?,?,?,00007FF6C7988926), ref: 00007FF6C79A2CC6
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6C79886FF,?,?,00000000,00007FF6C798899A,?,?,?,?,?,00007FF6C7988926), ref: 00007FF6C79A2CD7
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF6C79886FF,?,?,00000000,00007FF6C798899A,?,?,?,?,?,00007FF6C7988926), ref: 00007FF6C79A2CE8
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5d38497be5916a0e1a75286b9d4529db05ba6c67d2609447b26e2899a33d0bf6
                                                                                                                                                                                                                                                                  • Instruction ID: bffe2d2eac73fe6ae4327b02abc10cc7db1ee9b5818eea02244f333f642c36a5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d38497be5916a0e1a75286b9d4529db05ba6c67d2609447b26e2899a33d0bf6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB116A21E0E24341FA589F39A64113921925F847B2F449335EDBEC77EBEE2CF4028702
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                                                                                  • Opcode ID: cdcbf96a7943b5a26f16623fc8a31838fc1e5a9d5b53931d0011764705b6c040
                                                                                                                                                                                                                                                                  • Instruction ID: ec8e78f51bf3ba65693f579ea9ceca9ab299378d32e7d2328394389885bdded7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cdcbf96a7943b5a26f16623fc8a31838fc1e5a9d5b53931d0011764705b6c040
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5D1D222F09A8689E710CF79D8402AC37B1FB457A9F144236DE9E97B9ADE38D416C740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6C79A0E1C), ref: 00007FF6C79A0F9F
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF6C79A0E1C), ref: 00007FF6C79A1029
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                                                                                  • Opcode ID: 51e994d2c4a1c3eb4be4e93091f3271c3eb4fa59fed731ea0944c899e11818fd
                                                                                                                                                                                                                                                                  • Instruction ID: cf37fb7905afecc935143c5d16f96daeef98c8d416ff70f98be0ae1e22fd1965
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51e994d2c4a1c3eb4be4e93091f3271c3eb4fa59fed731ea0944c899e11818fd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E491E022E19AA389FB50CF6998812BD37B1FB047EAF544136DE8E93696DF38D441C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __std_exception_copy__std_exception_destroy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2960854011-0
                                                                                                                                                                                                                                                                  • Opcode ID: 66f3a3b1fe0d55b18bb0f0d5a67fce6a11adc169c06312464a3e0e9a3d384224
                                                                                                                                                                                                                                                                  • Instruction ID: d7dd29d5ddaf7b55d224990f64b13727512b7c62a283a28cbc5f94d2b2f720df
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66f3a3b1fe0d55b18bb0f0d5a67fce6a11adc169c06312464a3e0e9a3d384224
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D111D333A28B8181E700CF24E8814AC73A8FB98B84F955135FA9D83756EF38D9D2C740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
• Associated: 00000001.00000002.3504194537.00007FF6C78C0000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504375631.00007FF6C79D1000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504464720.00007FF6C7A35000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504505462.00007FF6C7A37000.00000008.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504535132.00007FF6C7A3A000.00000004.00000001.01000000.00000006.sdmp
• Associated: 00000001.00000002.3504563927.00007FF6C7A40000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                  • Opcode ID: 479cdb42449afa573d09263ea83df1eb4bca29146fdf0dc9855922d2313494eb
                                                                                                                                                                                                                                                                  • Instruction ID: 066f187daa5608080ff1464a5a7f5928090bc9b8bd034cadfb7fb5a8386ac849
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 479cdb42449afa573d09263ea83df1eb4bca29146fdf0dc9855922d2313494eb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7111C26B55B068AEB008FA4E8552B833A4FB19799F440E31DAADC77A4EF78D1548340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                                  • Opcode ID: 49fb905a3f19960e75a3b58e4bc55de85c056c642bf6e9c17ad93766622785f7
                                                                                                                                                                                                                                                                  • Instruction ID: c7ee1b21a7ef355fe5a51cfd4082bf973aa64b5589e72cc0cb76073338dacd89
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49fb905a3f19960e75a3b58e4bc55de85c056c642bf6e9c17ad93766622785f7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7441D522B19B4282EB109F69E8453AAB7A0FB987D5F844031EE8DC7795EF7CD401C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.3504232441.00007FF6C78C1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6C78C0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ff6c78c0000_avast_free_antivirus_setup_online_x64.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                  • Opcode ID: 7c125bd4f6e4af7f8638ae7d265f6471ca0060ccfa351db131177b8e71ce99dd
                                                                                                                                                                                                                                                                  • Instruction ID: 45bc03a12041b913cc3cd914f6755ed661ca929cc82366c3e32e44e729e5a193
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c125bd4f6e4af7f8638ae7d265f6471ca0060ccfa351db131177b8e71ce99dd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67113A32618B8682EB218F25F44026AB7E5FB88B95F594230EECC47B59EF3CD551CB04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                                  Execution Coverage:3.8%
                                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                  Signature Coverage:0.7%
                                                                                                                                                                                                                                                                  Total number of Nodes:1875
                                                                                                                                                                                                                                                                  Total number of Limit Nodes:107
7ffdf80c8e57 69271 7ffdf80b9230 21 API calls 69237->69271 69239 7ffdf80c8e63 GetWindowLongA GetWindowLongA AdjustWindowRectEx 69240 7ffdf80c8f51 69239->69240 69241 7ffdf80c8ec2 GetParent GetWindowRect 69239->69241 69243 7ffdf80c8f69 GetDesktopWindow GetClientRect 69240->69243 69245 7ffdf80c8f01 69240->69245 69241->69245 69242 7ffdf80c8de4 69246 7ffdf80c8e06 __std_exception_copy 69242->69246 69272 7ffdf82990fc WideCharToMultiByte WideCharToMultiByte Concurrency::cancel_current_task EnterCriticalSection 69242->69272 69243->69245 69244 7ffdf80c8e30 SetWindowTextA 69244->69234 69273 7ffdf80e4bc0 9 API calls _log10_special 69245->69273 69246->69244 69249 7ffdf80c8ff2 SetWindowPos GetClientRect SetWindowPos 69249->69250 69250->69216 69252 7ffdf80b6720 11 API calls 69251->69252 69253 7ffdf80b6861 69252->69253 69254 7ffdf8333b80 _log10_special 8 API calls 69253->69254 69255 7ffdf80b6899 69254->69255 69255->69197 69255->69206 69256->69205 69258 7ffdf80b6830 19 API calls 69257->69258 69259 7ffdf80b932e 69258->69259 69260 7ffdf80b9336 69259->69260 69261 7ffdf80b933c EnterCriticalSection 69259->69261 69260->69222 69274 7ffdf80bddc0 69261->69274 69264->69210 69265->69217 69266->69226 69267->69230 69268->69233 69269->69242 69270->69237 69271->69239 69272->69246 69273->69249 69275 7ffdf80bddfc 69274->69275 69286 7ffdf80bdeb9 69274->69286 69280 7ffdf80bde16 69275->69280 69275->69286 69307 7ffdf80c32a0 8 API calls _log10_special 69275->69307 69278 7ffdf8333b80 _log10_special 8 API calls 69279 7ffdf80b9366 LeaveCriticalSection 69278->69279 69279->69222 69288 7ffdf8299f30 69280->69288 69284 7ffdf80bde70 69302 7ffdf8156be0 69284->69302 69287 7ffdf80bded3 69286->69287 69308 7ffdf8156da0 22 API calls _log10_special 69286->69308 69287->69278 69289 7ffdf8299f7c 69288->69289 69309 7ffdf80d82b0 69289->69309 69291 7ffdf8299fb4 69313 7ffdf8298a34 69291->69313 69293 7ffdf8299fd0 __std_exception_copy memcpy_s 69294 7ffdf8333b80 _log10_special 8 API calls 69293->69294 69295 7ffdf80bde59 
69294->69295 69296 7ffdf829a660 69295->69296 69301 7ffdf829a6ab 69296->69301 69297 7ffdf8333b80 _log10_special 8 API calls 69298 7ffdf829a83a 69297->69298 69298->69284 69300 7ffdf829a80a __std_exception_copy 69300->69297 69301->69300 69323 7ffdf8298960 Concurrency::cancel_current_task EnterCriticalSection memcpy_s 69301->69323 69324 7ffdf80ca7f0 69302->69324 69304 7ffdf8156c1f 69305 7ffdf8333b80 _log10_special 8 API calls 69304->69305 69306 7ffdf8156ccb 69305->69306 69306->69286 69307->69280 69308->69287 69310 7ffdf80d82e2 69309->69310 69312 7ffdf80d82eb memcpy_s 69310->69312 69317 7ffdf83341f0 69310->69317 69312->69291 69314 7ffdf8298a50 69313->69314 69316 7ffdf8298a58 memcpy_s 69313->69316 69322 7ffdf8298904 Concurrency::cancel_current_task EnterCriticalSection 69314->69322 69316->69293 69318 7ffdf8334144 69317->69318 69319 7ffdf833416e Concurrency::cancel_current_task 69318->69319 69320 7ffdf837ad70 wcsftime EnterCriticalSection 69318->69320 69320->69318 69322->69316 69323->69300 69325 7ffdf80ca81f 69324->69325 69327 7ffdf80ca84a 69324->69327 69326 7ffdf83341f0 2 API calls 69325->69326 69325->69327 69326->69327 69327->69304 69328 7ffdf80d1370 69330 7ffdf80d1390 69328->69330 69329 7ffdf80d13f6 69330->69329 69331 7ffdf80d13fb EnterCriticalSection 69330->69331 69332 7ffdf80d1414 69331->69332 69335 7ffdf8189d20 69332->69335 69334 7ffdf80d1448 LeaveCriticalSection 69334->69329 69336 7ffdf8189d55 69335->69336 69348 7ffdf8189e97 69335->69348 69337 7ffdf818a3a3 69336->69337 69339 7ffdf8189d8c 69336->69339 69336->69348 69350 7ffdf80c52b0 69337->69350 69340 7ffdf80c52b0 8 API calls 69339->69340 69339->69348 69343 7ffdf8189ded 69340->69343 69341 7ffdf818a3b6 69342 7ffdf80c52b0 8 API calls 69341->69342 69342->69348 69346 7ffdf8189f9c 69343->69346 69343->69348 69360 7ffdf816d080 8 API calls 3 library calls 69343->69360 69345 7ffdf80c52b0 8 API calls 69349 7ffdf818a11d 69345->69349 69346->69345 69346->69348 69346->69349 69347 7ffdf80e3060 8 API calls 69347->69349 69348->69334 
69349->69347 69349->69348 69351 7ffdf80c5370 69350->69351 69352 7ffdf80c52cd 69350->69352 69351->69341 69352->69351 69355 7ffdf80c53ec 69352->69355 69357 7ffdf80c53d5 69352->69357 69353 7ffdf81fff39 69353->69341 69354 7ffdf80c52b0 8 API calls 69354->69355 69355->69351 69355->69354 69357->69353 69359 7ffdf80c52b0 8 API calls 69357->69359 69361 7ffdf80e3060 8 API calls _log10_special 69357->69361 69362 7ffdf816a7e0 8 API calls _log10_special 69357->69362 69359->69357 69360->69343 69361->69357 69362->69357 69363 7ff684c92080 69366 7ff684de14d0 GetModuleHandleW GetProcAddress 69363->69366 69365 7ff684c92089 69367 7ff684de151f GetProcAddress 69366->69367 69368 7ff684de1608 GetLastError 69366->69368 69370 7ff684de1543 GetProcAddress 69367->69370 69371 7ff684de1645 GetLastError 69367->69371 69369 7ff684ca0ef0 45 API calls 69368->69369 69372 7ff684de1634 69369->69372 69374 7ff684de1682 GetLastError 69370->69374 69375 7ff684de1567 GetProcAddress 69370->69375 69373 7ff684ca0ef0 45 API calls 69371->69373 69376 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69372->69376 69377 7ff684de1671 69373->69377 69380 7ff684ca0ef0 45 API calls 69374->69380 69378 7ff684de16bf GetLastError 69375->69378 69379 7ff684de158b GetProcAddress 69375->69379 69382 7ff684de1644 69376->69382 69383 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69377->69383 69381 7ff684ca0ef0 45 API calls 69378->69381 69384 7ff684de16fc GetLastError 69379->69384 69394 7ff684de15af 69379->69394 69385 7ff684de16ae 69380->69385 69386 7ff684de16eb 69381->69386 69382->69371 69388 7ff684de1681 69383->69388 69444 7ff684ca0ef0 69384->69444 69389 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69385->69389 69392 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69386->69392 69388->69374 69391 7ff684de16be 69389->69391 69391->69378 69396 7ff684de16fb 69392->69396 69459 7ff684e4c780 69394->69459 69396->69384 69398 7ff684de1769 69398->69365 69399 7ff684de1738 69399->69398 69456 7ff684dfc050 
69399->69456 69402 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69403 7ff684de1792 GetCurrentThread OpenThreadToken 69402->69403 69404 7ff684de1818 69403->69404 69405 7ff684de17d9 GetLastError 69403->69405 69404->69365 69406 7ff684de1851 GetLastError 69405->69406 69407 7ff684de17e6 ImpersonateSelf 69405->69407 69410 7ff684dfc050 42 API calls 69406->69410 69408 7ff684de187c GetLastError 69407->69408 69409 7ff684de17f9 GetCurrentThread OpenThreadToken 69407->69409 69412 7ff684dfc050 42 API calls 69408->69412 69409->69404 69413 7ff684de1825 GetLastError 69409->69413 69411 7ff684de186a 69410->69411 69414 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69411->69414 69415 7ff684de1895 69412->69415 69416 7ff684dfc050 42 API calls 69413->69416 69417 7ff684de187b 69414->69417 69418 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69415->69418 69419 7ff684de183f 69416->69419 69417->69408 69442 7ff684de18a6 69418->69442 69420 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69419->69420 69421 7ff684de1850 69420->69421 69421->69406 69422 7ff684de18c7 CloseHandle 69422->69442 69423 7ff684de18e4 69427 7ff684de18f3 CloseHandle 69423->69427 69428 7ff684de18f9 69423->69428 69424 7ff684de18da RevertToSelf 69424->69423 69425 7ff684de1906 GetLastError 69424->69425 69426 7ff684dfc050 42 API calls 69425->69426 69430 7ff684de191f 69426->69430 69427->69428 69428->69365 69429 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69429->69430 69430->69429 69431 7ff684de198c LookupPrivilegeValueW 69430->69431 69432 7ff684de1b70 GetLastError 69431->69432 69468 7ff684d49930 45 API calls 69432->69468 69434 7ff684de1b9b 69435 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69434->69435 69436 7ff684de1bab GetLastError 69435->69436 69469 7ff684d49930 45 API calls 69436->69469 69438 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69438->69442 69439 7ff684de1c24 69470 7ff684c9c610 69439->69470 69476 7ff684de18b0 52 API calls 
Concurrency::cancel_current_task 69439->69476 69442->69422 69442->69423 69442->69424 69442->69438 69442->69439 69477 7ff684cd1270 44 API calls Concurrency::task_continuation_context::task_continuation_context 69442->69477 69478 7ff684ca9f10 69444->69478 69450 7ff684ca0f9a 69451 7ff684e4f230 69450->69451 69452 7ff684e4f24f 69451->69452 69453 7ff684e4f29a RaiseException 69452->69453 69454 7ff684e4f278 RtlPcToFileHeader 69452->69454 69453->69399 69455 7ff684e4f290 69454->69455 69455->69453 69457 7ff684ca5d10 42 API calls 69456->69457 69458 7ff684de1781 69457->69458 69458->69402 69460 7ff684e4c789 69459->69460 69461 7ff684de15f6 69460->69461 69462 7ff684e4cd70 IsProcessorFeaturePresent 69460->69462 69461->69365 69463 7ff684e4cd88 69462->69463 69553 7ff684e4cf64 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 69463->69553 69465 7ff684e4cd9b 69554 7ff684e4cd3c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 69465->69554 69468->69434 69469->69442 69471 7ff684c9c64e 69470->69471 69555 7ff684c93850 44 API calls Concurrency::task_continuation_context::task_continuation_context 69471->69555 69476->69442 69481 7ff684ca9f98 69478->69481 69480 7ff684ca9ffc shared_ptr 69513 7ff684cacaf0 69480->69513 69508 7ff684c9c710 69481->69508 69485 7ff684caa0c7 69486 7ff684e4c780 DName::DName 8 API calls 69485->69486 69487 7ff684ca0f64 69486->69487 69490 7ff684ca5d10 69487->69490 69539 7ff684e4e68c 69490->69539 69493 7ff684ca5d9d 69545 7ff684e4e71c 69493->69545 69494 7ff684e4e71c __std_exception_destroy 13 API calls 69496 7ff684ca5d8f 69494->69496 69498 7ff684e4e68c __std_exception_copy 42 API calls 69496->69498 69498->69493 69499 7ff684e4c780 DName::DName 8 API calls 69500 7ff684ca0f90 69499->69500 69501 7ff684c98240 69500->69501 69502 7ff684c98259 69501->69502 69503 7ff684c9827d Concurrency::task_continuation_context::task_continuation_context 69501->69503 69502->69503 69552 7ff684e61b34 40 API calls 2 library calls 69502->69552 
69503->69450 69509 7ff684c9c805 69508->69509 69510 7ff684c9c735 69508->69510 69509->69480 69510->69509 69534 7ff684c93850 44 API calls Concurrency::task_continuation_context::task_continuation_context 69510->69534 69514 7ff684caa06e 69513->69514 69515 7ff684cacb1d 69513->69515 69520 7ff684cac870 69514->69520 69515->69514 69517 7ff684cacc58 69515->69517 69535 7ff684caeaf0 44 API calls DName::DName 69515->69535 69536 7ff684c966d0 44 API calls Concurrency::cancel_current_task 69517->69536 69521 7ff684cac8b3 69520->69521 69522 7ff684ca3f90 44 API calls 69521->69522 69523 7ff684cac8cf 69522->69523 69524 7ff684e4c780 DName::DName 8 API calls 69523->69524 69525 7ff684caa077 69524->69525 69525->69485 69526 7ff684ca3f90 69525->69526 69527 7ff684ca4097 69526->69527 69528 7ff684ca3fbb 69526->69528 69538 7ff684c9ed30 44 API calls _invalid_parameter_noinfo_noreturn 69527->69538 69533 7ff684ca3fd6 _Yarn 69528->69533 69537 7ff684ca82b0 44 API calls 3 library calls 69528->69537 69532 7ff684ca408c 69532->69485 69533->69485 69535->69515 69537->69532 69540 7ff684ca5d7c 69539->69540 69541 7ff684e4e6ad 69539->69541 69540->69493 69540->69494 69541->69540 69542 7ff684e4e6e2 69541->69542 69549 7ff684e61318 40 API calls 2 library calls 69541->69549 69550 7ff684e61400 13 API calls 2 library calls 69542->69550 69546 7ff684e4e72b 69545->69546 69547 7ff684ca5dac 69545->69547 69551 7ff684e61400 13 API calls 2 library calls 69546->69551 69547->69499 69549->69542 69550->69540 69551->69547 69553->69465 71037 7ff684c96e40 71040 7ff684c96e80 71037->71040 71038 7ff684c96f30 71039 7ff684c96f83 71068 7ff684c93870 42 API calls 71039->71068 71040->71038 71040->71039 71041 7ff684c96f5c 71040->71041 71043 7ff684c96ece MultiByteToWideChar 71040->71043 71048 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71041->71048 71045 7ff684c96ef3 71043->71045 71046 7ff684c96fa6 71043->71046 71044 7ff684c96f95 71047 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71044->71047 71062 7ff684c9c260 
71045->71062 71069 7ff684c938b0 42 API calls 71046->71069 71047->71046 71048->71039 71051 7ff684c96f01 MultiByteToWideChar 71051->71038 71055 7ff684c96fc9 71051->71055 71052 7ff684c96fb8 71054 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71052->71054 71054->71055 71070 7ff684c938b0 42 API calls 71055->71070 71057 7ff684c96fdb 71058 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71057->71058 71059 7ff684c96fec 71058->71059 71071 7ff684dfbf00 42 API calls 71059->71071 71061 7ff684c9701b 71063 7ff684c9c2a6 71062->71063 71064 7ff684c9c28c 71062->71064 71065 7ff684c9c2bb 71063->71065 71072 7ff684ca23c0 71063->71072 71064->71051 71065->71051 71067 7ff684c9c303 71067->71051 71068->71044 71069->71052 71070->71057 71071->71061 71073 7ff684ca253c 71072->71073 71076 7ff684ca2403 71072->71076 71085 7ff684c93850 44 API calls Concurrency::task_continuation_context::task_continuation_context 71073->71085 71077 7ff684ca2140 Concurrency::task_continuation_context::task_continuation_context 44 API calls 71076->71077 71082 7ff684ca2536 71076->71082 71080 7ff684ca246e _Yarn 71077->71080 71079 7ff684ca24db _Yarn Concurrency::task_continuation_context::task_continuation_context 71079->71067 71080->71079 71083 7ff684e61b34 40 API calls 2 library calls 71080->71083 71084 7ff684c93790 44 API calls 3 library calls 71082->71084 71084->71073 69556 7ff684c99980 HeapSetInformation 69735 7ff684df9f90 69556->69735 69558 7ff684c999d6 69559 7ff684c99a6f GetSystemTimeAsFileTime FileTimeToSystemTime 69558->69559 69560 7ff684c99a47 GetProcessHeap HeapSetInformation 69558->69560 69761 7ff684c9d390 69559->69761 69560->69559 69564 7ff684c99b0a GetCommandLineW 69565 7ff684c99b22 69564->69565 69565->69565 69815 7ff684c98300 69565->69815 69567 7ff684c99b38 69568 7ff684c9d390 101 API calls 69567->69568 69569 7ff684c99b52 69568->69569 69570 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69569->69570 69571 7ff684c99b5b 69570->69571 69828 
7ff684d48b90 69571->69828 69574 7ff684c9c610 44 API calls 69575 7ff684c99b6f 69574->69575 69576 7ff684c98300 45 API calls 69575->69576 69577 7ff684c99ba6 69576->69577 69844 7ff684c9e740 69577->69844 69580 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69581 7ff684c99bff 69580->69581 69582 7ff684c99d8e 69581->69582 69583 7ff684c99c08 69581->69583 69584 7ff684c9e0a0 44 API calls 69582->69584 69586 7ff684c98300 45 API calls 69583->69586 69585 7ff684c99d8c 69584->69585 69588 7ff684c98300 45 API calls 69585->69588 69587 7ff684c99c36 69586->69587 69590 7ff684c9e740 100 API calls 69587->69590 69589 7ff684c99dd5 69588->69589 69593 7ff684c9e740 100 API calls 69589->69593 69591 7ff684c99c7d 69590->69591 69592 7ff684c99ce2 69591->69592 69595 7ff684c98300 45 API calls 69591->69595 69596 7ff684c9c610 44 API calls 69592->69596 69594 7ff684c99e23 69593->69594 69851 7ff684c97900 69594->69851 69598 7ff684c99cc8 69595->69598 69599 7ff684c99cf1 69596->69599 69906 7ff684c9e600 100 API calls 2 library calls 69598->69906 69601 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69599->69601 69604 7ff684c99cfa 69601->69604 69603 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69605 7ff684c99ece 69603->69605 69907 7ff684c9e0a0 69604->69907 69606 7ff684c97900 78 API calls 69605->69606 69610 7ff684c99ee4 69606->69610 69608 7ff684c99d80 69609 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69608->69609 69609->69585 69611 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69610->69611 69612 7ff684c99f51 69611->69612 69861 7ff684ca1f20 69612->69861 69615 7ff684c97900 78 API calls 69616 7ff684c99fe8 69615->69616 69617 7ff684c9a079 EnterCriticalSection 69616->69617 69866 7ff684ca1630 69617->69866 69619 7ff684c9a0b9 69620 7ff684ca1630 66 API calls 69619->69620 69625 7ff684c9a0c5 
69620->69625 69623 7ff684c9a0e9 LeaveCriticalSection 69624 7ff684c9a110 69623->69624 69624->69624 69627 7ff684c98300 45 API calls 69624->69627 69625->69623 69913 7ff684c9dec0 44 API calls 4 library calls 69625->69913 69628 7ff684c9a126 69627->69628 69629 7ff684c9e740 100 API calls 69628->69629 69630 7ff684c9a173 69629->69630 69631 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69630->69631 69632 7ff684c9a17f 69631->69632 69633 7ff684c9a2bf 69632->69633 69634 7ff684c9a188 69632->69634 69917 7ff684decb60 45 API calls Concurrency::task_continuation_context::task_continuation_context 69633->69917 69635 7ff684c98300 45 API calls 69634->69635 69637 7ff684c9a1b7 69635->69637 69641 7ff684c9e740 100 API calls 69637->69641 69638 7ff684c9a319 69639 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69638->69639 69640 7ff684c9a325 69639->69640 69918 7ff684dece90 99 API calls 3 library calls 69640->69918 69643 7ff684c9a1fd 69641->69643 69645 7ff684c9a262 69643->69645 69648 7ff684c98300 45 API calls 69643->69648 69646 7ff684c9a28b 69645->69646 69915 7ff684c9dec0 44 API calls 4 library calls 69645->69915 69916 7ff684c9dec0 44 API calls 4 library calls 69646->69916 69647 7ff684c9a3d5 GetFileAttributesW 69650 7ff684c9a3f7 69647->69650 69649 7ff684c9a248 69648->69649 69914 7ff684c9e600 100 API calls 2 library calls 69649->69914 69655 7ff684c9a4fb 69650->69655 69919 7ff684decb60 45 API calls Concurrency::task_continuation_context::task_continuation_context 69650->69919 69654 7ff684c9a2b5 69656 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69654->69656 69920 7ff684c9dec0 44 API calls 4 library calls 69655->69920 69659 7ff684c9a56b 69656->69659 69883 7ff684c98b30 EnterCriticalSection 69659->69883 69661 7ff684c9a4ab Concurrency::task_continuation_context::task_continuation_context 69662 7ff684c9de10 
Concurrency::task_continuation_context::task_continuation_context 44 API calls 69661->69662 69662->69655 69663 7ff684c9a584 69664 7ff684df1110 44 API calls 69663->69664 69668 7ff684c9a589 69664->69668 69665 7ff684c9a553 69669 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69665->69669 69666 7ff684c9a525 69666->69665 69921 7ff684c9dec0 44 API calls 4 library calls 69666->69921 69667 7ff684c9a457 69667->69661 69670 7ff684c9aa52 69667->69670 69672 7ff684c9a58e 69668->69672 69673 7ff684c9a5c0 69668->69673 69675 7ff684c9a55f 69669->69675 69922 7ff684e61b34 40 API calls 2 library calls 69670->69922 69677 7ff684ddc350 47 API calls 69672->69677 69680 7ff684d49480 44 API calls 69673->69680 69675->69654 69679 7ff684c9a59c 69677->69679 69682 7ff684d49290 44 API calls 69679->69682 69683 7ff684c9a5be 69680->69683 69685 7ff684c9a5b2 69682->69685 69686 7ff684decce0 54 API calls 69683->69686 69688 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69685->69688 69689 7ff684c9a5e0 69686->69689 69688->69683 69690 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69689->69690 69691 7ff684c9a5ec 69690->69691 69692 7ff684df1110 44 API calls 69691->69692 69693 7ff684c9a62b 69692->69693 69694 7ff684c9a630 69693->69694 69695 7ff684c9a662 69693->69695 69696 7ff684ddc350 47 API calls 69694->69696 69698 7ff684d49480 44 API calls 69695->69698 69697 7ff684c9a63e 69696->69697 69699 7ff684d49290 44 API calls 69697->69699 69700 7ff684c9a660 69698->69700 69701 7ff684c9a654 69699->69701 69703 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69700->69703 69702 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69701->69702 69702->69700 69705 7ff684c9a6a1 69703->69705 69704 7ff684c9ae50 78 API calls 69706 7ff684c9a821 69704->69706 69705->69704 69707 7ff684c9ae50 78 API calls 69706->69707 69708 
7ff684c9a83e 69707->69708 69709 7ff684c9a859 GetSystemTimeAsFileTime FileTimeToSystemTime 69708->69709 69710 7ff684c9a88a 69709->69710 69711 7ff684ca1dd0 78 API calls 69710->69711 69712 7ff684c9a904 69711->69712 69713 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69712->69713 69714 7ff684c9a910 69713->69714 69715 7ff684ca1f20 78 API calls 69714->69715 69716 7ff684c9a95a 69715->69716 69717 7ff684e4e71c __std_exception_destroy 13 API calls 69716->69717 69718 7ff684c9a982 69717->69718 69719 7ff684c9da60 40 API calls 69718->69719 69720 7ff684c9a9e2 69719->69720 69721 7ff684c9da60 40 API calls 69720->69721 69722 7ff684c9a9ee 69721->69722 69723 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69722->69723 69724 7ff684c9a9fa 69723->69724 69725 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69724->69725 69726 7ff684c9aa06 69725->69726 69727 7ff684c9dad0 44 API calls 69726->69727 69728 7ff684c9aa12 69727->69728 69729 7ff684c9d880 44 API calls 69728->69729 69730 7ff684c9aa1e 69729->69730 69731 7ff684c9aa33 69730->69731 69732 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69730->69732 69733 7ff684e4c780 DName::DName 8 API calls 69731->69733 69732->69731 69734 7ff684c9aa44 69733->69734 69736 7ff684df9fdb 69735->69736 69750 7ff684dfa150 69735->69750 69737 7ff684df9fec 69736->69737 69741 7ff684dfa1de 69736->69741 69759 7ff684dfa03c Concurrency::task_continuation_context::task_continuation_context 69737->69759 69923 7ff684e4c8d8 69737->69923 69738 7ff684e4c780 DName::DName 8 API calls 69740 7ff684dfa1c6 69738->69740 69740->69558 69746 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 69741->69746 69742 7ff684dfa07a EnterCriticalSection 69743 7ff684dfa13a LeaveCriticalSection 69742->69743 69744 7ff684dfa0a7 69742->69744 69743->69750 69747 7ff684e4c8d8 std::_Facet_Register 44 API calls 69744->69747 
69745 7ff684dfa008 InitializeCriticalSection 69748 7ff684e4c8d8 std::_Facet_Register 44 API calls 69745->69748 69749 7ff684dfa1f9 69746->69749 69751 7ff684dfa0b1 69747->69751 69752 7ff684dfa026 69748->69752 69749->69558 69750->69738 69933 7ff684df9b80 53 API calls 3 library calls 69751->69933 69932 7ff684dea1c0 44 API calls std::_Facet_Register 69752->69932 69755 7ff684dfa0be 69756 7ff684e4c8d8 std::_Facet_Register 44 API calls 69755->69756 69757 7ff684dfa0d1 69756->69757 69758 7ff684e4c8d8 std::_Facet_Register 44 API calls 69757->69758 69760 7ff684dfa0f5 Concurrency::task_continuation_context::task_continuation_context 69758->69760 69759->69742 69760->69743 69762 7ff684c9d3da 69761->69762 69768 7ff684c9d3e2 69761->69768 69763 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69762->69763 69763->69768 69764 7ff684c9d40d 69765 7ff684c9d433 69764->69765 69766 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69764->69766 69945 7ff684c9e8e0 69765->69945 69766->69764 69768->69764 69770 7ff684c9de10 44 API calls Concurrency::task_continuation_context::task_continuation_context 69768->69770 69770->69768 69771 7ff684c9d82f 69950 7ff684c9dad0 69771->69950 69775 7ff684c9d838 69777 7ff684e4c780 DName::DName 8 API calls 69775->69777 69779 7ff684c99afe 69777->69779 69796 7ff684c9de10 69779->69796 69797 7ff684c9de29 69796->69797 69798 7ff684c9de52 Concurrency::task_continuation_context::task_continuation_context 69796->69798 69797->69798 69961 7ff684e61b34 40 API calls 2 library calls 69797->69961 69798->69564 69816 7ff684c983e8 69815->69816 69817 7ff684c9833a 69815->69817 69982 7ff684c93850 44 API calls Concurrency::task_continuation_context::task_continuation_context 69816->69982 69819 7ff684c98348 _Yarn 69817->69819 69820 7ff684c983ed 69817->69820 69821 7ff684c98379 69817->69821 69819->69567 69983 7ff684c93790 44 API calls 3 library calls 69820->69983 69962 7ff684ca2140 69821->69962 69824 
7ff684c983f3 69826 7ff684c9843f 69824->69826 69827 7ff684c98429 HeapFree 69824->69827 69825 7ff684c98390 _Yarn 69825->69567 69826->69567 69827->69567 69829 7ff684c99b60 69828->69829 69830 7ff684d48bb2 69828->69830 69829->69574 69988 7ff684e4c850 AcquireSRWLockExclusive 69830->69988 69832 7ff684d48bbe 69832->69829 69833 7ff684df1430 54 API calls 69832->69833 69834 7ff684d48bcc 69833->69834 69835 7ff684d48450 61 API calls 69834->69835 69836 7ff684d48bd9 69835->69836 69837 7ff684d495f0 44 API calls 69836->69837 69838 7ff684d48be5 69837->69838 69839 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 69838->69839 69840 7ff684d48bf0 69839->69840 69841 7ff684e4cce8 43 API calls 69840->69841 69842 7ff684d48bfc 69841->69842 69843 7ff684e4c7e4 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 69842->69843 69843->69829 69845 7ff684c9e76f 69844->69845 69849 7ff684c99bf3 69844->69849 69846 7ff684e4c850 3 API calls 69845->69846 69845->69849 69993 7ff684e4a7c8 52 API calls 69845->69993 69994 7ff684e4c7e4 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 69845->69994 69995 7ff684ca0d20 100 API calls 69845->69995 69846->69845 69849->69580 69996 7ff684c9dbd0 69851->69996 69853 7ff684c979ae 69858 7ff684e4e71c __std_exception_destroy 13 API calls 69853->69858 69854 7ff684c979e2 69855 7ff684e4e71c __std_exception_destroy 13 API calls 69854->69855 69857 7ff684c979dd 69855->69857 69859 7ff684e4c780 DName::DName 8 API calls 69857->69859 69858->69857 69860 7ff684c97a23 69859->69860 69860->69603 69862 7ff684c97900 78 API calls 69861->69862 69864 7ff684ca1f5a 69862->69864 69863 7ff684e4c780 DName::DName 8 API calls 69865 7ff684c99f96 69863->69865 69864->69863 69865->69615 70204 7ff684dfa7e0 69866->70204 69869 7ff684ca168f 70240 7ff684ca2c20 69869->70240 69871 7ff684ca169a GetProcessHeap 69872 7ff684ca16f1 69871->69872 69873 7ff684ca16ca 69871->69873 69876 7ff684ca1721 LeaveCriticalSection 69872->69876 
69879 7ff684ca1712 HeapFree 69872->69879 69880 7ff684ca171a 69872->69880 70252 7ff684c9af70 45 API calls 3 library calls 69873->70252 69875 7ff684ca16d7 70253 7ff684e61318 40 API calls 2 library calls 69875->70253 69877 7ff684e4c780 DName::DName 8 API calls 69876->69877 69881 7ff684c9a095 69877->69881 69879->69876 69880->69876 69881->69619 69912 7ff684c9dec0 44 API calls 4 library calls 69881->69912 69882 7ff684ca16ed 69882->69872 69884 7ff684c98b7a 69883->69884 69894 7ff684c98bba Concurrency::task_continuation_context::task_continuation_context 69883->69894 70257 7ff684ca1760 81 API calls 2 library calls 69884->70257 69885 7ff684c98cf0 LeaveCriticalSection 69888 7ff684c98c20 70260 7ff684c985a0 54 API calls Concurrency::task_continuation_context::task_continuation_context 69888->70260 69889 7ff684c98b98 70258 7ff684ca1760 81 API calls 2 library calls 69889->70258 69891 7ff684c98c36 70261 7ff684ca1760 81 API calls 2 library calls 69891->70261 69894->69885 70259 7ff684ca1a90 44 API calls 3 library calls 69894->70259 69895 7ff684c98c4e 69896 7ff684c98240 45 API calls 69895->69896 69897 7ff684c98c5b 69896->69897 70262 7ff684ca1a90 44 API calls 3 library calls 69897->70262 69899 7ff684c98c64 70263 7ff684c985a0 54 API calls Concurrency::task_continuation_context::task_continuation_context 69899->70263 69901 7ff684c98c7a 70264 7ff684ca1760 81 API calls 2 library calls 69901->70264 69903 7ff684c98c92 69904 7ff684c98240 45 API calls 69903->69904 69905 7ff684c98c9f Concurrency::task_continuation_context::task_continuation_context 69904->69905 69905->69885 69906->69592 69908 7ff684c9e115 69907->69908 69911 7ff684c9e0ce _Yarn 69907->69911 70265 7ff684ca2550 44 API calls 4 library calls 69908->70265 69910 7ff684c9e12d 69910->69608 69911->69608 69912->69619 69913->69623 69914->69645 69915->69646 69916->69654 69917->69638 69918->69647 69919->69667 69920->69666 69921->69665 69927 7ff684e4c8e3 69923->69927 69924 7ff684e4c8fc 69924->69745 69926 7ff684e4c902 69928 7ff684e4c90d 
GetFileAttributesW 70785->70787 70789 7ff684ded9b9 70785->70789 70833 7ff684df8f90 EnterCriticalSection 70785->70833 70844 7ff684ca9d30 44 API calls 2 library calls 70785->70844 70845 7ff684c9c470 44 API calls 3 library calls 70785->70845 70786->70693 70786->70714 70787->70789 70788 7ff684ded9dc GetFileAttributesW 70788->70786 70788->70789 70789->70785 70789->70786 70789->70787 70789->70788 70790->70670 70792->70749 70793->70708 70794->70683 70796->70716 70797->70729 70799 7ff684decd09 CreateDirectoryW 70798->70799 70800 7ff684decd06 70798->70800 70801 7ff684decd1e GetLastError 70799->70801 70802 7ff684dece77 70799->70802 70800->70799 70803 7ff684decd2b GetFileAttributesW 70801->70803 70810 7ff684decd65 70801->70810 70802->70737 70806 7ff684decd43 70803->70806 70807 7ff684decd4b SetLastError 70803->70807 70805 7ff684decd56 70805->70737 70806->70802 70806->70807 70807->70805 70809 7ff684dece14 70811 7ff684dece30 CreateDirectoryW 70809->70811 70812 7ff684dece2d 70809->70812 70810->70805 70810->70809 70813 7ff684decddf 70810->70813 70871 7ff684cac450 8 API calls 2 library calls 70810->70871 70811->70802 70814 7ff684dece3c GetLastError 70811->70814 70812->70811 70813->70810 70815 7ff684c98300 45 API calls 70813->70815 70817 7ff684dece4e GetFileAttributesW 70814->70817 70818 7ff684dece4b 70814->70818 70816 7ff684decdec CreateDirectoryW 70815->70816 70819 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 70816->70819 70820 7ff684dece60 SetLastError 70817->70820 70821 7ff684dece5c 70817->70821 70818->70817 70819->70813 70820->70737 70821->70802 70821->70820 70822->70728 70823->70743 70824->70753 70831 7ff684e9d460 70825->70831 70828 7ff684e4c780 DName::DName 8 API calls 70829 7ff684cc20bc 70828->70829 70829->70769 70829->70770 70832 7ff684cc2049 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 70831->70832 70832->70828 70834 7ff684df8fe4 70833->70834 70840 7ff684df9024 70833->70840 70835 7ff684e4c850 
3 API calls 70834->70835 70836 7ff684df8ff0 70835->70836 70836->70840 70846 7ff684df7190 70836->70846 70841 7ff684df93b9 LeaveCriticalSection 70840->70841 70842 7ff684e4c780 DName::DName 8 API calls 70841->70842 70843 7ff684df9537 70842->70843 70843->70785 70844->70785 70845->70785 70870 7ff684df9a00 70846->70870 70848 7ff684df71ca GetSystemTimeAsFileTime 70850 7ff684df720c 70848->70850 70849 7ff684df7434 GetCurrentProcessId 70852 7ff684df7471 70849->70852 70850->70849 70851 7ff684df756e GetCurrentThreadId 70853 7ff684df75ab 70851->70853 70852->70851 70854 7ff684df76a8 GlobalMemoryStatusEx 70853->70854 70855 7ff684df7bd0 GetDiskFreeSpaceExW 70854->70855 70866 7ff684df76ee 70854->70866 70856 7ff684df7e42 GetSystemTimes 70855->70856 70858 7ff684df7bea 70855->70858 70857 7ff684df85d8 QueryPerformanceCounter 70856->70857 70868 7ff684df7e65 70856->70868 70859 7ff684df85ed 70857->70859 70858->70856 70860 7ff684df8acd CryptAcquireContextW 70859->70860 70861 7ff684df8af9 CryptGenRandom 70860->70861 70863 7ff684df8d95 70860->70863 70862 7ff684df8d86 CryptReleaseContext 70861->70862 70867 7ff684df8b21 70861->70867 70862->70863 70864 7ff684e4c780 DName::DName 8 API calls 70863->70864 70865 7ff684df8f79 70864->70865 70869 7ff684e4c7e4 AcquireSRWLockExclusive ReleaseSRWLockExclusive WakeAllConditionVariable 70865->70869 70866->70855 70867->70862 70868->70857 70870->70848 70871->70810 71281 7ff684df1750 71282 7ff684df178a 71281->71282 71282->71282 71283 7ff684c98300 45 API calls 71282->71283 71285 7ff684df1979 71282->71285 71284 7ff684df1ce9 71283->71284 71286 7ff684c98300 45 API calls 71284->71286 71287 7ff684df1d27 71286->71287 71288 7ff684df24d6 71287->71288 71289 7ff684df2607 71287->71289 71305 7ff684df25e4 71287->71305 71290 7ff684ca2fb0 99 API calls 71288->71290 71335 7ff684c93850 44 API calls Concurrency::task_continuation_context::task_continuation_context 71289->71335 71292 7ff684df250d 71290->71292 71306 7ff684ccb830 71292->71306 71295 7ff684df254c 71314 7ff684ccb630 
71295->71314 71297 7ff684df256e 71323 7ff684ccafa0 71297->71323 71303 7ff684df25da 71304 7ff684c9de10 Concurrency::task_continuation_context::task_continuation_context 44 API calls 71303->71304 71304->71305 71307 7ff684ccb965 71306->71307 71311 7ff684ccb89c 71306->71311 71337 7ff684c93850 44 API calls Concurrency::task_continuation_context::task_continuation_context 71307->71337 71309 7ff684ccb8aa _Yarn 71309->71295 71311->71309 71336 7ff684ccb750 44 API calls 4 library calls 71311->71336 71313 7ff684ccb924 _Yarn 71313->71295 71315 7ff684ccb68c 71314->71315 71316 7ff684ccb6a2 71315->71316 71317 7ff684ccb740 71315->71317 71318 7ff684ccb6b0 71316->71318 71338 7ff684ccb750 44 API calls 4 library calls 71316->71338 71339 7ff684c93850 44 API calls Concurrency::task_continuation_context::task_continuation_context 71317->71339 71318->71297 71322 7ff684ccb70c _Yarn 71322->71297 71340 7ff684df3770 71323->71340 71325 7ff684ccafcf 71326 7ff684ccba50 71325->71326 71327 7ff684ccbaab 71326->71327 71328 7ff684ccba6d 71326->71328 71331 7ff684ccb970 71327->71331 71328->71327 71329 7ff684ccba99 RegCloseKey 71328->71329 71329->71327 71330 7ff684ccbaa3 SetLastError 71329->71330 71330->71327 71332 7ff684ccb989 71331->71332 71333 7ff684ccb9a9 Concurrency::task_continuation_context::task_continuation_context 71331->71333 71332->71331 71332->71333 71381 7ff684e61b34 40 API calls 2 library calls 71332->71381 71333->71303 71336->71313 71338->71322 71341 7ff684df3520 71340->71341 71342 7ff684df37ab RegQueryValueExW 71341->71342 71358 7ff684df3270 71342->71358 71345 7ff684df381e 71348 7ff684df384c 71345->71348 71349 7ff684df3827 71345->71349 71346 7ff684df3809 RegCloseKey 71346->71345 71347 7ff684df3816 SetLastError 71346->71347 71347->71345 71375 7ff684df6040 42 API calls 71348->71375 71350 7ff684e4c780 DName::DName 8 API calls 71349->71350 71351 7ff684df383b 71350->71351 71351->71325 71353 7ff684df3863 71354 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71353->71354 71355 
7ff684df3874 71354->71355 71356 7ff684e4e68c __std_exception_copy 42 API calls 71355->71356 71357 7ff684df38bb 71356->71357 71357->71325 71359 7ff684df329c 71358->71359 71368 7ff684df3286 71358->71368 71376 7ff684df3730 71359->71376 71363 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71363->71368 71364 7ff684df32c2 71369 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71364->71369 71366 7ff684df3293 71367 7ff684df3297 71366->71367 71373 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71366->71373 71367->71345 71367->71346 71371 7ff684df328b 71368->71371 71379 7ff684df36f0 42 API calls 71368->71379 71369->71371 71370 7ff684df32de 71372 7ff684e4f230 Concurrency::cancel_current_task 2 API calls 71370->71372 71371->71366 71380 7ff684df36b0 42 API calls 71371->71380 71372->71366 71374 7ff684df3310 71373->71374 71375->71353 71377 7ff684dfc050 42 API calls 71376->71377 71378 7ff684df32a6 71377->71378 71378->71363 71379->71364 71380->71370 70872 7ffdf80b6f8c 70873 7ffdf80b6f95 GetClientRect 70872->70873 70874 7ffdf80b7327 70872->70874 70873->70874 70875 7ffdf80b6fdd 70873->70875 70876 7ffdf80b85a5 LeaveCriticalSection 70874->70876 70877 7ffdf80b85af 70874->70877 70875->70874 70878 7ffdf80b76d1 BeginPaint EndPaint 70875->70878 70880 7ffdf80b7008 70875->70880 70876->70877 70879 7ffdf8333b80 _log10_special 8 API calls 70877->70879 70878->70874 70881 7ffdf80b85e3 70879->70881 70882 7ffdf80b7018 BeginPaint 70880->70882 70883 7ffdf80b732c GetWindowLongA 70880->70883 70892 7ffdf80b7057 memcpy_s 70882->70892 70884 7ffdf80b738c GetWindowLongA 70883->70884 70885 7ffdf80b733d 70883->70885 70887 7ffdf80b7514 70884->70887 70888 7ffdf80b73a4 BeginPaint 70884->70888 70885->70884 70886 7ffdf80b7365 BeginPaint EndPaint 70885->70886 70934 7ffdf80ef3d0 65 API calls 2 library calls 70886->70934 70919 7ffdf80b5e80 BeginPaint 70887->70919 70891 7ffdf8130e40 10 API calls 70888->70891 70893 7ffdf80b7467 70891->70893 70931 7ffdf8135540 CreateDIBSection 70892->70931 
70895 7ffdf80b7473 70893->70895 70896 7ffdf80b7482 70893->70896 70935 7ffdf80b6c80 21 API calls _log10_special 70895->70935 70936 7ffdf8130f30 7 API calls 70896->70936 70901 7ffdf80b762f 70903 7ffdf80b763b 70901->70903 70904 7ffdf80b764a 70901->70904 70907 7ffdf80b6c80 21 API calls 70903->70907 70909 7ffdf8130f30 7 API calls 70904->70909 70905 7ffdf80b70d9 memcpy_s 70932 7ffdf8133820 29 API calls 70905->70932 70906 7ffdf80b7502 EndPaint 70906->70874 70907->70904 70908 7ffdf80b74d0 __std_exception_copy 70908->70906 70912 7ffdf80b7691 __std_exception_copy 70909->70912 70911 7ffdf80b71c1 SetWindowOrgEx 70913 7ffdf80b7220 70911->70913 70937 7ffdf80b6040 16 API calls _log10_special 70912->70937 70933 7ffdf81339d0 18 API calls 70913->70933 70920 7ffdf80b5eed GetClientRect 70919->70920 70921 7ffdf80b5ee2 70919->70921 70922 7ffdf80b5efa CreateCompatibleDC 70920->70922 70921->70920 70921->70922 70923 7ffdf80b5f14 13 API calls 70922->70923 70924 7ffdf80b6012 70922->70924 70923->70924 70925 7ffdf8333b80 _log10_special 8 API calls 70924->70925 70926 7ffdf80b6022 70925->70926 70926->70912 70927 7ffdf8130e40 70926->70927 70928 7ffdf8130e5e GetDC 70927->70928 70929 7ffdf8130e6c 9 API calls 70927->70929 70928->70929 70931->70905 70932->70911 70934->70874 70935->70896 70936->70908 70937->70874 70938 7ffdf80c6100 70941 7ffdf80c6132 70938->70941 70939 7ffdf8333b80 _log10_special 8 API calls 70940 7ffdf80c61a2 70939->70940 70941->70939 70942 7ffdf80c2300 70943 7ffdf80c2351 70942->70943 70948 7ffdf80c4660 EnterCriticalSection 70943->70948 70944 7ffdf80c23c1 70945 7ffdf8333b80 _log10_special 8 API calls 70944->70945 70946 7ffdf80c240e 70945->70946 70949 7ffdf80c46be 70948->70949 70950 7ffdf80c47ac SetTimer 70949->70950 70952 7ffdf80c47c0 70949->70952 70950->70952 70951 7ffdf80c47fb LeaveCriticalSection 70953 7ffdf8333b80 _log10_special 8 API calls 70951->70953 70952->70951 70954 7ffdf80c4811 70953->70954 70954->70944 70959 7ffdf80d3980 70960 7ffdf80d39a7 70959->70960 70961 7ffdf80d39e0 
70960->70961 70962 7ffdf80d39e5 EnterCriticalSection 70960->70962 70963 7ffdf80d3a29 LeaveCriticalSection 70962->70963 70964 7ffdf80d39ff LeaveCriticalSection 70962->70964 70963->70961 70964->70961
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
Similarity
• API ID: Time$File$CriticalSectionSystem$Heap$EnterInformation__std_exception_destroy$AttributesCommandInitializeLeaveLineProcess_invalid_parameter_noinfo_noreturn
• String ID: 13DA$A5C8$END: Avast installer/updater, return code {}$Logs$START: Avast installer/updater$\Logs\Clear.log$\Logs\Setup.log$\Logs\Update.log$asw::settings::SettingsConfig::StorePathDef$asw::settings::SettingsConfig::StorePathIni$clear$config.def$debug$sfx$sfxstorage
• API String ID: 2117034901-3944194623
• Opcode ID: 075f48789ce763fc6f179f5a6cb1c8207bbfa88c2a532080bbe3d7155308dea5
• Instruction ID: a1d38061ca68278eb636834d2ad1157ed388107ff91d10157f460155ca98a93b
• Opcode Fuzzy Hash: 075f48789ce763fc6f179f5a6cb1c8207bbfa88c2a532080bbe3d7155308dea5
• Instruction Fuzzy Hash: BFA26E62A04BC6D9EB21DF25C8802E97774FF9474CF40413ADA4D9BAA9EF39D685C340
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetClientRect.USER32 ref: 00007FFDF80B6FAF
• BeginPaint.USER32 ref: 00007FFDF80B701C
  • Part of subcall function 00007FFDF8135540: CreateDIBSection.GDI32(00000000,00000000,?,?,?,00007FFDF80EF4CC), ref: 00007FFDF81355AE
• SetWindowOrgEx.GDI32 ref: 00007FFDF80B71D3
• CreateCompatibleDC.GDI32 ref: 00007FFDF80B723A
• SelectObject.GDI32 ref: 00007FFDF80B724D
• BitBlt.GDI32 ref: 00007FFDF80B7292
• SelectObject.GDI32 ref: 00007FFDF80B729E
• DeleteDC.GDI32 ref: 00007FFDF80B72A7
• EndPaint.USER32 ref: 00007FFDF80B72B4
• GetWindowLongA.USER32 ref: 00007FFDF80B7331
• BeginPaint.USER32 ref: 00007FFDF80B736C
• EndPaint.USER32 ref: 00007FFDF80B7379
• GetWindowLongA.USER32 ref: 00007FFDF80B7394
                                                                                                                                                                                                                                                                  • EndPaint.USER32 ref: 00007FFDF80B7509
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: GetParent.USER32 ref: 00007FFDF80B6CAD
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: IsWindow.USER32 ref: 00007FFDF80B6CB9
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: MapWindowPoints.USER32 ref: 00007FFDF80B6CE9
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: GetClipBox.GDI32 ref: 00007FFDF80B6CF7
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: SaveDC.GDI32 ref: 00007FFDF80B6D00
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: GetWindowLongA.USER32 ref: 00007FFDF80B6D10
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: GetWindowRect.USER32 ref: 00007FFDF80B6D24
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: SetViewportOrgEx.GDI32 ref: 00007FFDF80B6D4F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: SetLayout.GDI32 ref: 00007FFDF80B6D5D
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: SendMessageA.USER32 ref: 00007FFDF80B6D97
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: SendMessageA.USER32 ref: 00007FFDF80B6DB1
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF80B6C80: RestoreDC.GDI32 ref: 00007FFDF80B6DBC
                                                                                                                                                                                                                                                                  • BeginPaint.USER32 ref: 00007FFDF80B73AB
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetDC.USER32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130E64
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetTextAlign.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EA0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EAE
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EBB
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ECA
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ED7
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EF3
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetBkMode.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130F06
                                                                                                                                                                                                                                                                  • BeginPaint.USER32 ref: 00007FFDF80B76D8
                                                                                                                                                                                                                                                                  • EndPaint.USER32 ref: 00007FFDF80B76E5
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FFDF80B85A8
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ObjectPaint$Window$Select$Begin$LongStock$CreateMessageRectSectionSend$AlignClientClipCompatibleCriticalDeleteLayoutLeaveModeParentPointsRestoreSaveTextViewport
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 401802432-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: 5f8518def69e2a69e1573ca6c24da1a35206768f75635fc7730a504a18228d86
                                                                                                                                                                                                                                                                  • Instruction ID: fefdfbfafa626d7ef8dd4f719465c093bee9eac4cf337c9aa45c78f8785f8dba
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f8518def69e2a69e1573ca6c24da1a35206768f75635fc7730a504a18228d86
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD224C72B14BC18ADB24DF34D8A0AE833A0FB84758F404235DA5D9BBA9DF38D645E705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF684DF9003), ref: 00007FF684DF71D6
                                                                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF684DF9003), ref: 00007FF684DF7434
                                                                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF684DF9003), ref: 00007FF684DF756E
                                                                                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF684DF9003), ref: 00007FF684DF76E0
                                                                                                                                                                                                                                                                  • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF684DF9003), ref: 00007FF684DF7BDC
                                                                                                                                                                                                                                                                  • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF684DF9003), ref: 00007FF684DF7E57
                                                                                                                                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF684DF9003), ref: 00007FF684DF85DF
                                                                                                                                                                                                                                                                  • CryptAcquireContextW.ADVAPI32 ref: 00007FF684DF8AEB
                                                                                                                                                                                                                                                                  • CryptGenRandom.ADVAPI32 ref: 00007FF684DF8B13
                                                                                                                                                                                                                                                                  • CryptReleaseContext.ADVAPI32 ref: 00007FF684DF8D8F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Crypt$ContextCurrentSystemTime$AcquireCounterDiskFileFreeGlobalMemoryPerformanceProcessQueryRandomReleaseSpaceStatusThreadTimes
                                                                                                                                                                                                                                                                  • String ID: @$Microsoft Base Cryptographic Provider v1.0
                                                                                                                                                                                                                                                                  • API String ID: 1216455848-3036034798
                                                                                                                                                                                                                                                                  • Opcode ID: fa57735537a9b1017d61a1d15f725277dd4c5318cb6fc04052fa061541c975e5
                                                                                                                                                                                                                                                                  • Instruction ID: 132be34bca69c6e561eea046d63f8b85c9b95a30d7f345e508f84bfbafa641e2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa57735537a9b1017d61a1d15f725277dd4c5318cb6fc04052fa061541c975e5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70132073A186828BDB548F2CE49027A77B0FB96345F54413AE34EC7689EF6DD915CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                  • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                                  • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                                                  • Opcode ID: 57f601b60a6346a5d3863b231fe6c8316fda4cde7a808b7fd6e4eb0bb92be6ef
                                                                                                                                                                                                                                                                  • Instruction ID: d7859ff9b591b1660b544845b5eab4c369df83b3ef5554d7ab3b06ea0d6323aa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57f601b60a6346a5d3863b231fe6c8316fda4cde7a808b7fd6e4eb0bb92be6ef
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E01D422F0864186E704AB56B8108AAB7E0AF85FD0F5C4035DE2D83BB9CE3CE5419385
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00007FF684DF8FC2
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E4C850: AcquireSRWLockExclusive.KERNEL32(?,?,000001CD4F91CF00,00007FF684C985E1), ref: 00007FF684E4C860
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DF7190: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,-0000009F,00007FF684DF9003), ref: 00007FF684DF71D6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E4C7E4: AcquireSRWLockExclusive.KERNEL32(?,?,000001CD4F91CF00,00007FF684C9861C), ref: 00007FF684E4C7F4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E4C7E4: ReleaseSRWLockExclusive.KERNEL32(?,?,000001CD4F91CF00,00007FF684C9861C), ref: 00007FF684E4C834
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FF684DF951F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$AcquireCriticalSectionTime$EnterFileLeaveReleaseSystem
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 516957425-0
                                                                                                                                                                                                                                                                  • Opcode ID: 41953c836ed5aa28c6a7ea5c3725346d4a3bed20ec0aa8e491f6388f4df98add
                                                                                                                                                                                                                                                                  • Instruction ID: 44c7fcf9c2ae1e88aa3e22e5af8639c8b7b7bd07cca26a08fb3fae78147c0633
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41953c836ed5aa28c6a7ea5c3725346d4a3bed20ec0aa8e491f6388f4df98add
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60024F72A18682CBE7158B6CE88017ABBA0FB95764F44017DE68DC7796DFACD905CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  control_flow_graph 0 7ff684de14d0-7ff684de1519 GetModuleHandleW GetProcAddress 1 7ff684de151f-7ff684de153d GetProcAddress 0->1 2 7ff684de1608-7ff684de1644 GetLastError call 7ff684ca0ef0 call 7ff684e4f230 0->2 4 7ff684de1543-7ff684de1561 GetProcAddress 1->4 5 7ff684de1645-7ff684de1681 GetLastError call 7ff684ca0ef0 call 7ff684e4f230 1->5 2->5 8 7ff684de1682-7ff684de16be GetLastError call 7ff684ca0ef0 call 7ff684e4f230 4->8 9 7ff684de1567-7ff684de1585 GetProcAddress 4->9 5->8 12 7ff684de16bf-7ff684de16fb GetLastError call 7ff684ca0ef0 call 7ff684e4f230 8->12 9->12 13 7ff684de158b-7ff684de15a9 GetProcAddress 9->13 19 7ff684de16fc-7ff684de1754 GetLastError call 7ff684ca0ef0 call 7ff684e4f230 12->19 18 7ff684de15af-7ff684de15be 13->18 13->19 24 7ff684de15c0-7ff684de15c8 18->24 25 7ff684de15e7-7ff684de1607 call 7ff684e4c780 18->25 37 7ff684de1756-7ff684de1767 19->37 38 7ff684de1769-7ff684de176d 19->38 24->25 31 7ff684de15ca-7ff684de15d2 24->31 31->25 35 7ff684de15d4-7ff684de15e4 31->35 35->25 37->38 40 7ff684de176e-7ff684de17d7 call 7ff684dfc050 call 7ff684e4f230 GetCurrentThread OpenThreadToken 37->40 45 7ff684de181c-7ff684de1824 40->45 46 7ff684de17d9-7ff684de17e4 GetLastError 40->46 47 7ff684de1851-7ff684de187b GetLastError call 7ff684dfc050 call 7ff684e4f230 46->47 48 7ff684de17e6-7ff684de17f3 ImpersonateSelf 46->48 49 7ff684de187c-7ff684de18a6 GetLastError call 7ff684dfc050 call 7ff684e4f230 47->49 48->49 50 7ff684de17f9-7ff684de1816 GetCurrentThread OpenThreadToken 48->50 64 7ff684de18b0-7ff684de18c5 49->64 54 7ff684de1825-7ff684de1850 GetLastError call 7ff684dfc050 call 7ff684e4f230 50->54 55 7ff684de1818 50->55 54->47 55->45 66 7ff684de18cd-7ff684de18d8 64->66 67 7ff684de18c7 CloseHandle 64->67 68 
7ff684de18e4-7ff684de18f1 66->68 69 7ff684de18da-7ff684de18e2 RevertToSelf 66->69 67->66 73 7ff684de18f3 CloseHandle 68->73 74 7ff684de18f9-7ff684de1905 68->74 69->68 70 7ff684de1906-7ff684de199a GetLastError call 7ff684dfc050 call 7ff684e4f230 LookupPrivilegeValueW 69->70 80 7ff684de1b70-7ff684de1c1e GetLastError call 7ff684d49930 call 7ff684e4f230 GetLastError call 7ff684d49930 call 7ff684e4f230 70->80 73->74 89 7ff684de1ca4-7ff684de1cc3 call 7ff684cd1270 80->89 90 7ff684de1c24-7ff684de1c40 call 7ff684c9c610 call 7ff684de1940 80->90 89->64 90->89
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685027000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508358486.00007FF68502C000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$AddressProc$Thread$Handle$CloseCurrentOpenSelfToken$ImpersonateModuleRevert
                                                                                                                                                                                                                                                                  • String ID: GetProcAddress ({})$LdrLockLoaderLock$LdrUnlockLoaderLock$RtlDllShutdownInProgress$RtlGetCurrentPeb$RtlIsCriticalSectionLockedByThread$Unable to adjust token privilege '{}'!$Unable to assign the process impersonation token to the thread!$Unable to lookup privilege '{}'!$Unable to obtain the thread access token!$ntdll.dll
                                                                                                                                                                                                                                                                  • API String ID: 2587333650-4197750046
                                                                                                                                                                                                                                                                  • Opcode ID: c1942809da15b64efe451dd72b79aecbea634a861fbae2d07e0f8e438b520965
                                                                                                                                                                                                                                                                  • Instruction ID: 2c7f46f4b06c506ffe1f08e02a9b0d2fad6a893bea4d6d622f86fbb235796327
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1942809da15b64efe451dd72b79aecbea634a861fbae2d07e0f8e438b520965
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79C1F765F08A46D5EB109BA0E8C83BD73A1BF84788F54413EC94E93A68EF7CE549C350
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseCreateCurrentErrorFileHandleInitInstupLastProcess__std_exception_destroy
                                                                                                                                                                                                                                                                  • String ID: ($13DA$A5C8$Cannot initialize Instup, return code {}$M$X$avast! Self-Defense trust was not acquired. Code {}$avast! Self-Defense trust was successfully acquired.
                                                                                                                                                                                                                                                                  • API String ID: 2723934490-1060576433
                                                                                                                                                                                                                                                                  • Opcode ID: 45a5f27b436f8f845e4e01d509a19d03741df7130731306ab1c68f7ce4683afa
                                                                                                                                                                                                                                                                  • Instruction ID: f38afba3190d4d191846ccbe60a58c66d8e9cbce90baa07098a61d097a1a2176
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 45a5f27b436f8f845e4e01d509a19d03741df7130731306ab1c68f7ce4683afa
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E613532A08A52DAE700CF66E8802AD73B4FF89748F10493ADA0D93A64DF7CD945CB10
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: LookupPrivilegeValue
                                                                                                                                                                                                                                                                  • String ID: Unable to adjust token privilege '{}'!$Unable to lookup privilege '{}'!$Unable to remove the impersonation token from the thread!
                                                                                                                                                                                                                                                                  • API String ID: 3899507212-1021965375
                                                                                                                                                                                                                                                                  • Opcode ID: fc3f2d7eae791347dc1621cd42532896f783be4940ef78757b8ddcce39e76b1a
                                                                                                                                                                                                                                                                  • Instruction ID: df654047c405e8b24ee9355e22796ffac77267b46d14e1b9638b08009b404048
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc3f2d7eae791347dc1621cd42532896f783be4940ef78757b8ddcce39e76b1a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B514E76B08A82D5E710DBA1E8943AD73B5FF84B88F54013ADA4E93A59DF3CD519C340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FolderPath
                                                                                                                                                                                                                                                                  • String ID: 3$3$Local AppData$ProgramFiles$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Unable to retrieve a path of the known folder ({})!
                                                                                                                                                                                                                                                                  • API String ID: 1514166925-2527072505
                                                                                                                                                                                                                                                                  • Opcode ID: 5ad6913c21f319c501deb90b04cdd61c4f27478e25e20fcc255519c35c236711
                                                                                                                                                                                                                                                                  • Instruction ID: 421fd5e45e1f7f66b366ddbfad20e77efbf37f37636220719d074051b89f108f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ad6913c21f319c501deb90b04cdd61c4f27478e25e20fcc255519c35c236711
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4EA12D72A18BC6D1EA60DB10E4907EAA3A4FFD4344F50413AE68E83A99DF7DD549CB40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CtrlMessageSend$ParentWindow$Rect
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3091584759-0
                                                                                                                                                                                                                                                                  • Opcode ID: 93d9783cc65f0220795e75398dfc118c909231f8560b1eec1ddc0a39821f0ee0
                                                                                                                                                                                                                                                                  • Instruction ID: bb4b335c6f3dee037e596fb6a8bc6e2c36fadcc7739674f3b28ea9d7f4f3e3f5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93d9783cc65f0220795e75398dfc118c909231f8560b1eec1ddc0a39821f0ee0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F691AD76B09A4186EB08DF21D860AAD37A0FB49B84F444032DE6E577E8CF3CE545E349
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                                  control_flow_graph 1329 7ff684decce0-7ff684decd04 1330 7ff684decd09-7ff684decd18 CreateDirectoryW 1329->1330 1331 7ff684decd06 1329->1331 1332 7ff684decd1e-7ff684decd29 GetLastError 1330->1332 1333 7ff684dece77-7ff684dece85 1330->1333 1331->1330 1334 7ff684decd65-7ff684decd68 1332->1334 1335 7ff684decd2b-7ff684decd30 1332->1335 1338 7ff684decd6a-7ff684decd7d 1334->1338 1339 7ff684decd56-7ff684decd64 1334->1339 1336 7ff684decd35-7ff684decd41 GetFileAttributesW 1335->1336 1337 7ff684decd32 1335->1337 1340 7ff684decd43-7ff684decd45 1336->1340 1341 7ff684decd4b-7ff684decd50 SetLastError 1336->1341 1337->1336 1342 7ff684decd80-7ff684decd8f 1338->1342 1340->1333 1340->1341 1341->1339 1343 7ff684decd94-7ff684decdb7 call 7ff684cac450 1342->1343 1344 7ff684decd91 1342->1344 1347 7ff684dece14-7ff684dece2b 1343->1347 1348 7ff684decdb9-7ff684decddd 1343->1348 1344->1343 1349 7ff684dece30-7ff684dece3a CreateDirectoryW 1347->1349 1350 7ff684dece2d 1347->1350 1351 7ff684decde2-7ff684dece0f call 7ff684c98300 CreateDirectoryW call 7ff684c9de10 1348->1351 1352 7ff684decddf 1348->1352 1349->1333 1353 7ff684dece3c-7ff684dece49 GetLastError 1349->1353 1350->1349 1351->1342 1352->1351 1356 7ff684dece4e-7ff684dece5a GetFileAttributesW 1353->1356 1357 7ff684dece4b 1353->1357 1359 7ff684dece60-7ff684dece76 SetLastError 1356->1359 1360 7ff684dece5c-7ff684dece5e 1356->1360 1357->1356 1360->1333 1360->1359
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CreateDirectory$AttributesFile
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2650082360-0
                                                                                                                                                                                                                                                                  • Opcode ID: 19b1f99b811ab83084c1f30bea47b9700e0085b431ec0c79540f97e1c2b46c5e
                                                                                                                                                                                                                                                                  • Instruction ID: 67f916f378874a9b676bd1f8f56ae5d3647b463072b9ee0045a0ea2f601c3e2b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19b1f99b811ab83084c1f30bea47b9700e0085b431ec0c79540f97e1c2b46c5e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27415C72E08A82C1EB109F25E4C427DA3A1FF85F94F484639DA5E93698DF3CE496C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RectVisible.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131D80
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131DB4
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131DC1
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131DCA
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131DD5
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131DE2
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131DEB
                                                                                                                                                                                                                                                                  • SaveDC.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131DF5
                                                                                                                                                                                                                                                                  • IntersectClipRect.GDI32(?,?,?,?,?,?,?,?,?,?,?,00007FFDF8133920), ref: 00007FFDF8131E39
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$DeleteRectSelectStock$ClipIntersectSaveVisible
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1353815414-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF684D28A8E
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF684D28AA8
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000007), ref: 00007FF684D28B55
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E4F230: RtlPcToFileHeader.NTDLL(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF684E4A36A), ref: 00007FF684E4F280
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E4F230: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF684E4A36A), ref: 00007FF684E4F2C1
                                                                                                                                                                                                                                                                  • LockFileEx.KERNEL32 ref: 00007FF684D28BDC
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF684D28BEB
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$ErrorLast$CloseCreateExceptionHandleHeaderLockRaise
                                                                                                                                                                                                                                                                  • String ID: couldn't obtain exclusive file lock$couldn't open file
                                                                                                                                                                                                                                                                  • API String ID: 3557019546-1370462906
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

[Control-flow graph 1415 for the function starting at 7ff684e73950; labelled nodes: LoadLibraryExW, GetLastError, GetProcAddress, FreeLibrary. Legend: Executed / Not Executed.]
                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF684E74288,?,?,?,?,00007FF684E6FBBD,?,?,?,?,00007FF684E4A080), ref: 00007FF684E73ACF
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FF684E74288,?,?,?,?,00007FF684E6FBBD,?,?,?,?,00007FF684E4A080), ref: 00007FF684E73ADB
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508252992.00007FF684FD2000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685022000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685027000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508358486.00007FF68502C000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                  • Opcode ID: e93aacc49461d32dc26f6f0034173139520bb090f443e84bbe61087ac6c34991
                                                                                                                                                                                                                                                                  • Instruction ID: 2e1dd3de6e85f6dd1fbe4f9a2db0e19eeca89e4499024617cccfeda0fc19d0a3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e93aacc49461d32dc26f6f0034173139520bb090f443e84bbe61087ac6c34991
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F41E261B1D602C1FB92DB16A88867563A5BF85BE0F48813EDD4ECB785EE3CE445C340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Resource section is empty$StringFileInfo$There is no resource section in module$Unable to determine product identifier from resources!
                                                                                                                                                                                                                                                                  • API String ID: 0-3023212541
                                                                                                                                                                                                                                                                  • Opcode ID: d1561d102b8fd0a2bbcc0e70d26fa40d9568f5e3c4aa53905ea6eabccc06b5cf
                                                                                                                                                                                                                                                                  • Instruction ID: d353811b1a431e29488fd3470e8ab8455fad31eed97bdd2bcf634abf5c1abd87
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1561d102b8fd0a2bbcc0e70d26fa40d9568f5e3c4aa53905ea6eabccc06b5cf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41A1BA72A05B91C6D7208B18F4843A9B7A1FB81BB4F948329DABE837E4DF79D445C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseErrorExceptionFileHeaderLastQueryRaiseValue__std_exception_copy
                                                                                                                                                                                                                                                                  • String ID: Cannot query registry value
                                                                                                                                                                                                                                                                  • API String ID: 1422943749-1100310711
                                                                                                                                                                                                                                                                  • Opcode ID: a2ff59fed97071ea8791b8054d925fbdad3f20e5853e6c47a88b616a416274c8
                                                                                                                                                                                                                                                                  • Instruction ID: 69c82aee20c4ce620dcd96a5f505711b41ce74b56cf4cff7ef03ba7a9cb0fa4a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a2ff59fed97071ea8791b8054d925fbdad3f20e5853e6c47a88b616a416274c8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68417272A08A81D2EB20DF25E59426973A4FF88780F51513AEB8D83B58DF7CE454CB40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00007FF684DE1458
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E4C850: AcquireSRWLockExclusive.KERNEL32(?,?,000001CD4F91CF00,00007FF684C985E1), ref: 00007FF684E4C860
                                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF684DEE054), ref: 00007FF684DE140B
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF684DEE054), ref: 00007FF684DE141B
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E4C7E4: AcquireSRWLockExclusive.KERNEL32(?,?,000001CD4F91CF00,00007FF684C9861C), ref: 00007FF684E4C7F4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E4C7E4: ReleaseSRWLockExclusive.KERNEL32(?,?,000001CD4F91CF00,00007FF684C9861C), ref: 00007FF684E4C834
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExclusiveLock$Acquire$AddressCurrentHandleModuleProcProcessRelease
                                                                                                                                                                                                                                                                  • String ID: NtQueryInformationProcess$ntdll.dll
                                                                                                                                                                                                                                                                  • API String ID: 3745433715-2906145389
                                                                                                                                                                                                                                                                  • Opcode ID: 3f0f91a739c4d3d94a0e1eb81421d2eaac21fe05956b9cff31deb9a3a2afeb54
                                                                                                                                                                                                                                                                  • Instruction ID: 972acf74f0ca26cb3bed2fc968778ca891fdfa02fa419e2b7d39caa728ab0df8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f0f91a739c4d3d94a0e1eb81421d2eaac21fe05956b9cff31deb9a3a2afeb54
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99212F21E18A42C6EA91DB11E8D52B973A4BF89B90F44123AD94EC3365DF3CE545C710
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: onexit_register_connector_avast_2${9C7565A2-47C2-4869-B388-8C7F9AD8E577}
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-1060404012
                                                                                                                                                                                                                                                                  • Opcode ID: e7a91ff7319323f82fc5eac01edff8933c38f3442762f178effe1e7f868ccf5b
                                                                                                                                                                                                                                                                  • Instruction ID: a0864cb9f7bcd908a9c9173e0aee024ef2b8040bec6433a633a609592ea88894
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7a91ff7319323f82fc5eac01edff8933c38f3442762f178effe1e7f868ccf5b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA615932A15B41C6E620CF25E8C466973A4FF84B94F15823ADA9E83B60EF7CE494C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBAD0: InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF684C972F1,?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684DEBB11
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBAD0: DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF684C972F1,?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684DEBB2A
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBAD0: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF684C972F1,?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684DEBB87
                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF684C9E541), ref: 00007FF684DEBBF4
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF684C9E541), ref: 00007FF684DEBC15
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FF684DEBC3F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • asw::lifetime::impl::lifetime_creation_monitor_holder::set_created, xrefs: 00007FF684DEBC60
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508224736.00007FF684FD1000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508252992.00007FF684FD2000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685022000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685027000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508358486.00007FF68502C000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$CloseDeleteEnterEventHandleInitializeLeave
                                                                                                                                                                                                                                                                  • String ID: asw::lifetime::impl::lifetime_creation_monitor_holder::set_created
                                                                                                                                                                                                                                                                  • API String ID: 3040484998-3605786268
                                                                                                                                                                                                                                                                  • Opcode ID: 9dd432d20c9328343f620b40d78ba352de4252280ab23e3a00d36ba4b100d6f4
                                                                                                                                                                                                                                                                  • Instruction ID: bc200cdafd86ee8742d0a39eb59002e5beb1810f722d6cca355621715e87ac5b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dd432d20c9328343f620b40d78ba352de4252280ab23e3a00d36ba4b100d6f4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E121A132A08A46C2EB10DB35E4D4179A360FF94B90F144639DA6EC7665DF6CE491C340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                  • String ID: to_wide<char> invalid arguments$to_wide<char>::MultiByteToWideChar
                                                                                                                                                                                                                                                                  • API String ID: 626452242-363086301
                                                                                                                                                                                                                                                                  • Opcode ID: f8b4dd5c248b2227b77b408c08137eee648531ae4cc58b9d1b8317ec8a6af14c
                                                                                                                                                                                                                                                                  • Instruction ID: 3be2eae093d1ac77d350a505edbfb82bfcd98349aaf576de3bd3c2704ecfbad4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8b4dd5c248b2227b77b408c08137eee648531ae4cc58b9d1b8317ec8a6af14c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9B51D062B18A46D1EB10DF15E4C02796BA4FF94788F40113EEA5E83AA4DF3DE991C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Timer$ClickCriticalDoubleLeaveSectionTime
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2419403106-0
                                                                                                                                                                                                                                                                  • Opcode ID: ca7ff4eb6e09aa509fc08cc7a984e7a6040556234b966d2e0ffc08b8e3a1683f
                                                                                                                                                                                                                                                                  • Instruction ID: e4ecbe3cf4b8b037a4e84ba3e2b30a3d023af7206647389985c1361afe1e9fe6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca7ff4eb6e09aa509fc08cc7a984e7a6040556234b966d2e0ffc08b8e3a1683f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94318F3670468187EB5DDF25E564AA867A0FB88B95F444132CF2E837E4CF38E461E705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterKillLeaveTimer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 610966039-0
                                                                                                                                                                                                                                                                  • Opcode ID: 539da9b9316b922e6e21dc1f72e359e297ca7eb0a7c8d5dc39b8b531bea70243
                                                                                                                                                                                                                                                                  • Instruction ID: a1832da5545a81131872208c71342e637d6400474385b2e24b104f10bd5ffd89
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 539da9b9316b922e6e21dc1f72e359e297ca7eb0a7c8d5dc39b8b531bea70243
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34216262B08A4482EB149F11E864E7977A0FB45FD5F484131DD6E573E8CF3CD4469305
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684C972B0: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684C97310
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684C972B0: LeaveCriticalSection.KERNEL32 ref: 00007FF684C97351
                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 00007FF684C9E39D
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00007FF684C9E3BF
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBBA0: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF684C9E541), ref: 00007FF684DEBBF4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBBA0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF684C9E541), ref: 00007FF684DEBC15
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBBA0: LeaveCriticalSection.KERNEL32 ref: 00007FF684DEBC3F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseHandle$CriticalLeaveSection$EventObjectSingleWait
                                                                                                                                                                                                                                                                  • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                  • API String ID: 1589410826-2706815617
                                                                                                                                                                                                                                                                  • Opcode ID: 5343ae79a2e5eb633179cb653845757bb13a8560e47517911e0998da418189c5
                                                                                                                                                                                                                                                                  • Instruction ID: 04a6f35dc57b8ec33775dc467ea2ad0bb80cb2423bc1461c5e797f0ba6191771
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5343ae79a2e5eb633179cb653845757bb13a8560e47517911e0998da418189c5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4514D32A15B41DAEB10DF21E4802AC73B9FF54788F45053AEA4D97B99DF38E566C340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684C972B0: CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684C97310
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684C972B0: LeaveCriticalSection.KERNEL32 ref: 00007FF684C97351
                                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32 ref: 00007FF684C9E55D
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00007FF684C9E57F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBBA0: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF684C9E541), ref: 00007FF684DEBBF4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBBA0: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF684C9E541), ref: 00007FF684DEBC15
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBBA0: LeaveCriticalSection.KERNEL32 ref: 00007FF684DEBC3F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CloseHandle$CriticalLeaveSection$EventObjectSingleWait
                                                                                                                                                                                                                                                                  • String ID: lifetime_object must be allocated on static memory (static or global variable or member of such a variable).
                                                                                                                                                                                                                                                                  • API String ID: 1589410826-2706815617
                                                                                                                                                                                                                                                                  • Opcode ID: 4e27794a5e49b3792c5ef5c4e03e349731b83fe80d56132bd968194c35a5cad5
                                                                                                                                                                                                                                                                  • Instruction ID: e97deeb7bd4513f54733d8f8a67316bd56546411fd60fa035ad6d309e9a1f1d9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e27794a5e49b3792c5ef5c4e03e349731b83fe80d56132bd968194c35a5cad5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3514B32A05B41DAEB10DF20E4802AC73B9FF54788F45453AEA4D97B99EF38E566C340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlPcToFileHeader.NTDLL(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF684E4A36A), ref: 00007FF684E4F280
                                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFE,00007FF684E4A36A), ref: 00007FF684E4F2C1
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                  • Opcode ID: 93875e533b80c5b33e1e0c7099ddd82550034a01b900a24934021f87f93a35b1
                                                                                                                                                                                                                                                                  • Instruction ID: 0eb8c25df6034207d21925b8bef3b4b5a897699a0ba74308e28426158b943f10
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93875e533b80c5b33e1e0c7099ddd82550034a01b900a24934021f87f93a35b1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F112B36618B41C2EB218B15F484269B7E5FF88B84F584635DE8D47B58DF3CD551CB04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Focus$ForegroundWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 332191172-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0d8dcf9805dcfe52e992cc963f4ff82836f7e0eff3a56c886a5e5c7ebf160b1d
                                                                                                                                                                                                                                                                  • Instruction ID: 9619c9e55a26dc4a50740be1f898f79ca586062f67e0f38fef48007cf820cb76
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d8dcf9805dcfe52e992cc963f4ff82836f7e0eff3a56c886a5e5c7ebf160b1d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D226727F49B4586EB18DF65D464AAD27A0FF48B88F094631CE2D4B7A8CF38D445E309
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 951747058-0
                                                                                                                                                                                                                                                                  • Opcode ID: f5ee847835496909cef82b2f27682b0da41e1e1de5265088012221144c7635d8
                                                                                                                                                                                                                                                                  • Instruction ID: 82cdda6273442300ce2ec8249bdfadeb8dc0324fef6af8920efa1612d8345da6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5ee847835496909cef82b2f27682b0da41e1e1de5265088012221144c7635d8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2519C32B09E8182EB04DF25E8A4A6977A4FB8AB94F454131DA5E437E8DF3CE441E704
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeaveTimer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 951747058-0
                                                                                                                                                                                                                                                                  • Opcode ID: d10d864cdeb864571d251d12f4e38ce8becc48beac5cb63871e74731eda5ecbb
                                                                                                                                                                                                                                                                  • Instruction ID: cc607da1296834a9d3b234a07764edc4bc6c03b81eabc3154783854e8f5d11ef
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d10d864cdeb864571d251d12f4e38ce8becc48beac5cb63871e74731eda5ecbb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C417C26B09B4682EF18DF15E8A4A7967A0FB89F95F484131CE5E437E8CE3CD441A705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
• Associated: 00000007.00000002.3508393323.00007FFDF80B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508647486.00007FFDF83BD000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508719732.00007FFDF8465000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508752072.00007FFDF8466000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508778139.00007FFDF8467000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508801810.00007FFDF8468000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508828765.00007FFDF8469000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508854349.00007FFDF846C000.00000008.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508880781.00007FFDF8472000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000007.00000002.3508909524.00007FFDF8476000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalEnterSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1904992153-0
                                                                                                                                                                                                                                                                  • Opcode ID: 678659e541d088878546a59159e9190b67a79a79fdd7a576fe8a80802ba82d37
                                                                                                                                                                                                                                                                  • Instruction ID: 5a204a6db8813fe175e801660e0381e110fbb82e7baa765284d49dbd9a4a06e6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 678659e541d088878546a59159e9190b67a79a79fdd7a576fe8a80802ba82d37
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8131C466B0970282FB5A9F21D5A0E7863A1BF05BD4F894031CD2D977E9DF3CE451B20A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CtrlMessageParentSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1176577205-0
                                                                                                                                                                                                                                                                  • Opcode ID: 22944f4c669d8131fd1c291a5a23b761b8dc44ee78cecb5fd4f0807b65f26224
                                                                                                                                                                                                                                                                  • Instruction ID: 1759b6c02393387bacfa7efc3d54cf503e69d788706140c37e3ee79269cd1a8d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22944f4c669d8131fd1c291a5a23b761b8dc44ee78cecb5fd4f0807b65f26224
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0421A172B09B4186EB14DF26A824A6973A1EF88BC4F940135EE5E8B7E8DF3CD4419705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClientCursorFromPointScreenWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3548534679-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0df2ca66a77a67eff6004b281091b7cb32444f7e6fae7b2cac9491fca2edc585
                                                                                                                                                                                                                                                                  • Instruction ID: b72991f4960266ba91ac22c02b746f57303e7e1bafe02851ee1941577d5f1ad0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0df2ca66a77a67eff6004b281091b7cb32444f7e6fae7b2cac9491fca2edc585
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C114976B08B4182DB44DF22E1589AA63A0FB89BC4F484131EE5E8B7ACDF3CD4549B45
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CtrlMessageParentSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1176577205-0
                                                                                                                                                                                                                                                                  • Opcode ID: 3fff3547b47cbf8ebfa6cfd3f36513b82c006330275efbfd4ebe5649fbac0a16
                                                                                                                                                                                                                                                                  • Instruction ID: 2d3d2be360390db90a90e782cb530bf29291a5eff9fae7e59c376185c62aa4e9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3fff3547b47cbf8ebfa6cfd3f36513b82c006330275efbfd4ebe5649fbac0a16
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98118171719B8182EB44DF20E85866973A0FB48BC0F554035EBAD4B7A8DF3CD451C744
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                  • Opcode ID: 1a6a625c635c064b87a707738c5bf3c42742581eb1f23db75f5a0ccd18f37ba8
                                                                                                                                                                                                                                                                  • Instruction ID: 9c1a14a6a7e9cdfdf8caaed3362df56342df871fcb4f7348daea3b7f28e3ed67
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a6a625c635c064b87a707738c5bf3c42742581eb1f23db75f5a0ccd18f37ba8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1216067705A4682EB18DF1AE864E68A7A0FB88F94F494031DE2D473F4EF3CD845A305
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2bdab512405c68312a00e5ea636ffdd290b5a149c5f76514621f88ddbe62b964
                                                                                                                                                                                                                                                                  • Instruction ID: 460e19c6cb0a1c37aea8d3f14ac94eed7c7837407610ca5b54057805111bf922
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bdab512405c68312a00e5ea636ffdd290b5a149c5f76514621f88ddbe62b964
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52B1F262A08B80D1EA149F25E58426C77A5FF48BE8F148636DBAC47BD5DF79E4A0C340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: __std_exception_destroy
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2453523683-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8ba9aa2a4e7f67bf66e5fc9569850e7a9caad549f82e1d5dd7adf39494361ba8
                                                                                                                                                                                                                                                                  • Instruction ID: 17a38f404482b34d2c062967a76b0139fa3834eeb5668a74388174eef4c1f628
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ba9aa2a4e7f67bf66e5fc9569850e7a9caad549f82e1d5dd7adf39494361ba8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E414036A0AB41D2EB50CB15E584269B3B9FF44B94F15813ADA9D87B50DF3EE842C740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: UpdateWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2116364557-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8792a9398a5c70e99f2ce61b68db96d16d090379dc9f398749ca7728ec2d28f3
                                                                                                                                                                                                                                                                  • Instruction ID: 36ebbc1c4daa08d01dcfb14bf21196a6b24432fdf8d1fbd41fb84acc10d751d4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8792a9398a5c70e99f2ce61b68db96d16d090379dc9f398749ca7728ec2d28f3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09218032709A4282EB14DF15E060A79B7A0FF89B94F458235DA6D477E8CF3CE0009705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 1ad873df3d0d15cd40afd86541eda0fed8dca10a90ac3c6a4c23d7eebd747352
                                                                                                                                                                                                                                                                  • Instruction ID: ba7cfc1b41830a4432305b237aac16141ef4ca0f01fcbb287babb23a7c9ebc3b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ad873df3d0d15cd40afd86541eda0fed8dca10a90ac3c6a4c23d7eebd747352
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F515E27B09A4582EB18DB15E86093967A0FB44FD0F484131DE6E437F9DF3CE845A345
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                  • Opcode ID: cd69026042e174328557287e0688da0010430cd6fc5da25317d5e8b41331ed32
                                                                                                                                                                                                                                                                  • Instruction ID: 8167b21be34436089f0572103454eaa1f615672477a243a9766ad7f26bcf40d1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd69026042e174328557287e0688da0010430cd6fc5da25317d5e8b41331ed32
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37319232B1864286EB64CB25E56067AA7E0FB857C0F444134EA6D83BDCDF3CE450EB05
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                  • Opcode ID: 34e0e7fbc52b20da9931411c419c440bdd767de41bcf5eab1404850bae2d8379
                                                                                                                                                                                                                                                                  • Instruction ID: d096ea69c47e2646f66c84ea78a35fbb97071eba2d94051cfa9552654ebafed6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34e0e7fbc52b20da9931411c419c440bdd767de41bcf5eab1404850bae2d8379
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06311E67B09B46C2EB08DB16D864668A7A0FB88F90F494031DE2D433F5DF3CD845A745
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,00007FF684DEC592,?,?,00000000,00007FF684DEBB75), ref: 00007FF684DEBF34
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FF684DEBFF3
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                  • Opcode ID: 70cf5108d1e85d223ec8f48727a6542f06328c6f2c6b22c7d28e2577c867fa74
                                                                                                                                                                                                                                                                  • Instruction ID: 06bb03636f9aba007d807fac30064a917b24ee3c76735bf25bbc91a5bcf88732
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70cf5108d1e85d223ec8f48727a6542f06328c6f2c6b22c7d28e2577c867fa74
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32313222908B46C2DB60CF25E4C0169B7A5FF95B98F14133AEE5E87799DF39E481CB40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                  • Opcode ID: 68c330fe6670181e2a730212d2b734b7f1becf170376018d40afb2a0a558a6e8
                                                                                                                                                                                                                                                                  • Instruction ID: b13a61a1c8f11fe60008389fb73043db8e8006fa6fdb21fbca2018748b2e2762
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 68c330fe6670181e2a730212d2b734b7f1becf170376018d40afb2a0a558a6e8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3F06221B1878182DB18DB16F55556E67A0EB89BC0F981030EEAD43B98EE3CD4909B04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 118556049-0
                                                                                                                                                                                                                                                                  • Opcode ID: f05b859e722efe2ab98d1bfa31860fd92849cb151de5480d1fc5f14489abbb37
                                                                                                                                                                                                                                                                  • Instruction ID: 73bd11cc212dc878f17ef157754acd0c40668cba1209afdabc96ff3e9a5a6863
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f05b859e722efe2ab98d1bfa31860fd92849cb151de5480d1fc5f14489abbb37
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89518E72D18602C6F7248F25E58A2356794BF453E4F11963DEAAEC37D1DE3DA451CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                                  • Opcode ID: fc1da96005381a4137aaa48c2fc9c880495717198b0a4fe8c47b44e3917319fd
                                                                                                                                                                                                                                                                  • Instruction ID: e3dcda671fae8c948f763af455464cad04f323fcf2d74f968f94adc716023649
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc1da96005381a4137aaa48c2fc9c880495717198b0a4fe8c47b44e3917319fd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E341F2A2B04655C1EA14DB16E5485BD63A9BF48BE0F54823ADEBD87BD5EF3CD441C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Timer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2870079774-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5298ba705380b297790e0d98a558b914b0dab89ab30cacb476ae396df7574bd3
                                                                                                                                                                                                                                                                  • Instruction ID: c4b185aae2feca6e020ded1b33ec3731fe2704cc4c99190977ab3807172dbfa6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5298ba705380b297790e0d98a558b914b0dab89ab30cacb476ae396df7574bd3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C414667B05B8682EB08DB16E4656B963A0FB88F90F088135CE2E477A8CF3CE451D345
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3668304517-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9ea991cc4fd88d75c0ed77c4e38a888c219e6392b75f7955bf512f0e0f6f08b5
                                                                                                                                                                                                                                                                  • Instruction ID: c4d09c200ffa32d6f8f0ace25fd0cf2ce72f19b4e4aa7957e69234744d99fe45
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ea991cc4fd88d75c0ed77c4e38a888c219e6392b75f7955bf512f0e0f6f08b5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD11C162F19A42C1ED14D750E4C92B962B4FF88794F94063AE7AD42795DF2CD991C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684D35BD0: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF684C9324D), ref: 00007FF684D35C26
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684D35BD0: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF684C9324D), ref: 00007FF684D35C3B
                                                                                                                                                                                                                                                                  • GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF684C93257), ref: 00007FF684E32A81
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProcSystemTimes
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 368006440-0
                                                                                                                                                                                                                                                                  • Opcode ID: 36025f84aa50649acd6f11ae2b9d4fa7be7672b16cd9358470827b4423444915
                                                                                                                                                                                                                                                                  • Instruction ID: 6bbb338ac59b835387c0306a891ca74cc3e0bedb760444f7bf95a438cc4796f5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36025f84aa50649acd6f11ae2b9d4fa7be7672b16cd9358470827b4423444915
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66119476619A84C6C764CF15F49045AB7A1F7CCB88B40522AFA8E83B18DF3CD650CF04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: #115
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 646222842-0
                                                                                                                                                                                                                                                                  • Opcode ID: 06a38cd6b763722a2837df46c729e912678b70657e6abf6c598ac965c28e9bf1
                                                                                                                                                                                                                                                                  • Instruction ID: 6aa93e799ef84dc771d6015a307ffc45d80e45fa475ff5243ad5295ec64d0562
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06a38cd6b763722a2837df46c729e912678b70657e6abf6c598ac965c28e9bf1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 63E0BF35E19A42C2FA619B24E8AA3B97360FFC9788F81003AD94DD7756DE2DE115CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                  • Opcode ID: 24e1cc0ced93dc8532e351f1704293ce71c0d2cb446e57a1d0dd579aeb9f16b4
                                                                                                                                                                                                                                                                  • Instruction ID: fff146639ba85f095b4c2118a7b700c32e07ae528b84cbc8d11d58cfcba455ca
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24e1cc0ced93dc8532e351f1704293ce71c0d2cb446e57a1d0dd579aeb9f16b4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDD06C00F19A1702FB7A33A119329B904C45F35771E1D0B30A83DC52FAAD1CA481A25B
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FFDF83861C1,?,?,00000000,00007FFDF837575F,?,?,?,00007FFDF837A88F,?,?,?,00007FFDF837A785), ref: 00007FFDF837BE12
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9c345e38f2cfe88544f0fe2ae6d5bc5932e43e176e40cd112e1d4dc4f4f9c25e
                                                                                                                                                                                                                                                                  • Instruction ID: 611577874d90d1a44ccdca1a0607369fd35a5e4d0094204ba3d3e6972771211e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c345e38f2cfe88544f0fe2ae6d5bc5932e43e176e40cd112e1d4dc4f4f9c25e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96F03A20F0C20646FB583A617861A7C51E15F447A1F5C4630DB3EC67E9EE6CE440615B
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(?,?,?,00007FF684E75F49,?,?,00000000,00007FF684E70997,?,?,?,00007FF684E704B7,?,?,?,00007FF684E703AD), ref: 00007FF684E70B7A
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocHeap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4292702814-0
                                                                                                                                                                                                                                                                  • Opcode ID: 1f30cb8872701429da35b61176d857d9ea2083c022aa2d567f3bf12d41318aaf
                                                                                                                                                                                                                                                                  • Instruction ID: 79e4345dbc3e070a97b739a385cc7126d3e0c8d471de090a07ac5c92af265c05
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f30cb8872701429da35b61176d857d9ea2083c022aa2d567f3bf12d41318aaf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27F08244F0D307C5FE6597B1988827512A07F447B8F08463CDD2EC62C2FE2CE580C154
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                  • Opcode ID: 33ff3a89048676a2f8b75ee89bb9442b2699a01de990520174a88da17a1790e2
                                                                                                                                                                                                                                                                  • Instruction ID: f7f1ba0213a4e79ff71ff16f97561f46df6196cca36aee71c816acdd71d75691
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33ff3a89048676a2f8b75ee89bb9442b2699a01de990520174a88da17a1790e2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45E06DA6708A9582D7049B02B0455AAA765F785FD8F840026FF9E47BD9CF3CD084D705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                  • Opcode ID: fbe343d7d1f772a12b6654d10fff18a1cec5c7235f7dd151da249924e02a9b9c
                                                                                                                                                                                                                                                                  • Instruction ID: 423f46a304f8d2ee60ebbbe6fd3316601a9987d6d9168a57ec22f64ec4968349
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbe343d7d1f772a12b6654d10fff18a1cec5c7235f7dd151da249924e02a9b9c
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53E06DA6708A9582D7049B02B0445AAA765F785FD8F840026FF9E47BD9CF3DD084D705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                  • Opcode ID: 60397c6184e81fac384fd1c756b195f528fbdf3da1c9bd47ccee93472cc6e775
                                                                                                                                                                                                                                                                  • Instruction ID: 612d55e4d9d7866cd85e4139c1d0a849b4b550bc2edb97c1ba3886b334bbd1b5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60397c6184e81fac384fd1c756b195f528fbdf3da1c9bd47ccee93472cc6e775
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4E0EDA2708A8182D3008B02B0005AAA764F785FD8F840026FF9E47BC9CF3CC084D704
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                  • Opcode ID: 644d852335a7172b4dc46b6be2baeba7e7fa1b76febec440c9824cbf27fc1192
                                                                                                                                                                                                                                                                  • Instruction ID: c926820d44d1a6a1d0e2685e9f6215cfb0a699f2e78e3d553ad28f02635388a4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 644d852335a7172b4dc46b6be2baeba7e7fa1b76febec440c9824cbf27fc1192
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10E0EDA6708A8182D3008B02B0005AAA764F785FD8F840026FF9E47BC9CF3CC084D701
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3988221542-0
                                                                                                                                                                                                                                                                  • Opcode ID: 757598b58ef62265fb852523330b5329ebe2ee16bafd93f1aa683e4d6a392082
                                                                                                                                                                                                                                                                  • Instruction ID: 797868178b50191aa1d73a6e3824dbfe3f7e07ffae8ecbbbed26c2c6a8ce22df
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 757598b58ef62265fb852523330b5329ebe2ee16bafd93f1aa683e4d6a392082
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37E09AA6708B9082C6009B02B04449ABB65F789FD8F840016FF9E87B99CF3CC084CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32 ref: 00007FF684C9323B
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684D35BD0: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,00007FF684C9324D), ref: 00007FF684D35C26
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684D35BD0: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FF684C9324D), ref: 00007FF684D35C3B
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E32A50: GetSystemTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF684C93257), ref: 00007FF684E32A81
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressCriticalHandleInitializeModuleProcSectionSystemTimes
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1646434232-0
                                                                                                                                                                                                                                                                  • Opcode ID: f1c9cc6927b916c8238c627b2e5b928b3550474ba0a81561b731deaf227d2586
                                                                                                                                                                                                                                                                  • Instruction ID: fac9ef79cc1ea70c79f763f56e1892b728975671be6af79836e525e646afc3c4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1c9cc6927b916c8238c627b2e5b928b3550474ba0a81561b731deaf227d2586
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFF0AF11D2CA86C1E211DB24DDE92B46360BFEA344F92963DD54DC2172EF2CB2D5D200
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Version$ClassCursorLoadObjectRegisterStock
                                                                                                                                                                                                                                                                  • String ID: (@$-HTMLAYOUT-POPUP$-HTMLAYOUT-TOOL$HTMLAYOUT$HTMLAYOUT-POPUP$HTMLAYOUT-TOOL$P
                                                                                                                                                                                                                                                                  • API String ID: 2620246556-1650735011
                                                                                                                                                                                                                                                                  • Opcode ID: 4bcf85258f5375545c7f721fa82571aa8ea3369c4c1f0ad3e1ac71c2c660e45d
                                                                                                                                                                                                                                                                  • Instruction ID: d3178e9a2326d10107492fbe9c95dc11a2e76d0c169d8e5d6034edf7960df171
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4bcf85258f5375545c7f721fa82571aa8ea3369c4c1f0ad3e1ac71c2c660e45d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74122132F1C68387F7208B54E8606B973E4EB95344F544135EAAD866ECDF7CE580AB06
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Version$ClassCursorLoadObjectRegisterStock
                                                                                                                                                                                                                                                                  • String ID: (@$-HTMLAYOUT-POPUP-W$-HTMLAYOUT-TOOL-W$HTMLAYOUT-POPUP-W$HTMLAYOUT-TOOL-W$HTMLAYOUT-W$P
                                                                                                                                                                                                                                                                  • API String ID: 2620246556-2858749733
                                                                                                                                                                                                                                                                  • Opcode ID: e1ff05cffae27ee595081eb6c19b275901260582f90e83d50f730d29e4cc16d0
                                                                                                                                                                                                                                                                  • Instruction ID: 4e729f9e447fbe77ed7be8e32022513088896eb3444624f9c52e87b95221d481
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1ff05cffae27ee595081eb6c19b275901260582f90e83d50f730d29e4cc16d0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0125231F0C68286F7608B24E86067D73E0FB95754F558135E6AD8A6ECDF3CE580AB06
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$File$ExclusiveLock$AcquireInfoVersion$CloseCreateExceptionHandleHeaderQueryRaiseReleaseSizeValueWrite_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID: 6$Cannot query a .sys file version from PPL process '{}'$GetFileVersionInfoSizeW$GetFileVersionInfoW$Unable to make a .sys copy$VerQueryValueW$VerQueryValueW signature is invalid$asw$set_file_content$set_file_content '{}'$set_file_content content is too large$tmp
                                                                                                                                                                                                                                                                  • API String ID: 3080410690-613824156
                                                                                                                                                                                                                                                                  • Opcode ID: 34bf942f27b29e8d6ce452b2db0d8057a77923a3b3e35dbb629312734e5fad24
                                                                                                                                                                                                                                                                  • Instruction ID: aa5768f7e83b2924b255224c2974e0712348802355a18d8910d3748c67e53a59
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34bf942f27b29e8d6ce452b2db0d8057a77923a3b3e35dbb629312734e5fad24
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C025172A19A82D1EA20DB24E4D43EEB360FF95784F40523AD68DC3AA5DF7DE549C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AttributesCloseErrorFileHandleLast$CreateProcess__std_exception_destroy_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID: --guid $37C8$6$@$Bugreporter dumper doesn't exist in path '$C1AF$bugr$bugr$epor$epor$t
                                                                                                                                                                                                                                                                  • API String ID: 1408558107-1922087432
                                                                                                                                                                                                                                                                  • Opcode ID: b1567f0a59f6c717594133424774c83d3108d57ea3a153a86bf8176fbea969ee
                                                                                                                                                                                                                                                                  • Instruction ID: 3ad4f40376373e8512d8f4e0df8d73b67468769121d81b882cde30cbbb765128
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1567f0a59f6c717594133424774c83d3108d57ea3a153a86bf8176fbea969ee
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F18E32A19BC5D9E720CF20D8843ED7774FF95748F40522AEA4D8AAA9DF78D685C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Long$Rect$Client$FillObjectParentStock
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 116929244-0
                                                                                                                                                                                                                                                                  • Opcode ID: 8719b709a49f15181a1ed0fbf1d2d354c56d21243d84004bc81373d4db581c2a
                                                                                                                                                                                                                                                                  • Instruction ID: ca9df366d0268eb0cf6c491a0825dedaea2397923606efafe1968e6a8b46bcd2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8719b709a49f15181a1ed0fbf1d2d354c56d21243d84004bc81373d4db581c2a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26125B72B14B828AEB14DF65D8605BD33A0FB89B94F444235DE6E57BA8DF38E580D304
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Window$Select$LongStock$Rect$ClientModeViewport$AlignCompatibleCreateDeleteParentText$BeginBitmapFillMessagePaintReleaseSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 557926025-0
                                                                                                                                                                                                                                                                  • Opcode ID: b441734555f3d78d62afa036504b83986ba5443eaea501ba86f9898ef5881a9a
                                                                                                                                                                                                                                                                  • Instruction ID: ad26aafda6c19d91f230fdd7e077c4a0e00cabe52652320b19acb8bde568116f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b441734555f3d78d62afa036504b83986ba5443eaea501ba86f9898ef5881a9a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97124C32B15B828AEB14DF75D8605AC37A0FB88794F449235EE6D53BA8DF38E580D704
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AsyncState$Timer$Kill$ClickDoubleTime
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1542649206-0
                                                                                                                                                                                                                                                                  • Opcode ID: d4aebbe90c0bbf2019b784c6b6199c6fd6bb57495405969ae7ec323a31db64cb
                                                                                                                                                                                                                                                                  • Instruction ID: d7ce204e24afe9d05130777652f59e407083574c3b35dbbca4c6963643d40f4b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4aebbe90c0bbf2019b784c6b6199c6fd6bb57495405969ae7ec323a31db64cb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77918F76B14A4286EF14AF75E864ABD23A1FB48B94F004135CE6E877E8DF3CE0459345
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
                                                                                                                                                                                                                                                                  • String ID: asw::settings::SettingsConfig::Lock
                                                                                                                                                                                                                                                                  • API String ID: 2061331858-4244600543
                                                                                                                                                                                                                                                                  • Opcode ID: 1a24c86d375ef18f977248080338c17249c0e7665b37ad9727d5d0d3d20a78e1
                                                                                                                                                                                                                                                                  • Instruction ID: f267a473d440d7735694eab435498fe47b7f436f1601742886d16f81ef225db4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a24c86d375ef18f977248080338c17249c0e7665b37ad9727d5d0d3d20a78e1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD718E61F09B42C5EB10DB65E8883B863B5BF88B98F44453AD95EA3694EF3CE955C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
                                                                                                                                                                                                                                                                  • String ID: asw::log::context::TlsIndex
                                                                                                                                                                                                                                                                  • API String ID: 2061331858-143919551
                                                                                                                                                                                                                                                                  • Opcode ID: 35f3829cd99490305ba84810ce0e5bb8c5a7c545e5e8e634f087e8ca1b9a74b5
                                                                                                                                                                                                                                                                  • Instruction ID: 7c9581c8a583cd2fe67424bd4a58583b92c89d8f032e5a03f0111316848961a7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35f3829cd99490305ba84810ce0e5bb8c5a7c545e5e8e634f087e8ca1b9a74b5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F8716F21E0AB42D5EB10DFA5D8883B863A1BF88B98F44463DD95E93794EF3CE555C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Defer$Begin$LongPointsRectUpdate
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3279777782-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7750ca3f306896b9ce825a8a0c5c4532a5b68b8750d8022050578ec52bd132e0
                                                                                                                                                                                                                                                                  • Instruction ID: efee384292e6650f8c42981325b3c2ca674a6642295cbbca14037f9ca1aec858
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7750ca3f306896b9ce825a8a0c5c4532a5b68b8750d8022050578ec52bd132e0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6C1B136B097418AEB14CF65E8A0AAE77B0FB48B88F454435CE6E57798DF38E401E705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF82990FC: WideCharToMultiByte.KERNEL32 ref: 00007FFDF8299137
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF82990FC: WideCharToMultiByte.KERNEL32 ref: 00007FFDF8299179
                                                                                                                                                                                                                                                                  • OpenClipboard.USER32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258B2F
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258B62
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258B77
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258B83
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258BAF
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258BB8
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258BE6
                                                                                                                                                                                                                                                                  • SetClipboardData.USER32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258BF4
                                                                                                                                                                                                                                                                  • SetClipboardData.USER32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258C02
                                                                                                                                                                                                                                                                  • CloseClipboard.USER32(?,?,?,?,?,00000000,00007FFDF8258A55), ref: 00007FFDF8258C08
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Global$Clipboard$AllocByteCharDataLockMultiUnlockWide$CloseOpen
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2505041382-0
                                                                                                                                                                                                                                                                  • Opcode ID: 4169a4e27f847f6c1e9859d6ddfb27c5c8aeef5013f266c319714ec0d348ef65
                                                                                                                                                                                                                                                                  • Instruction ID: a0fd1cf2ab79d145f20b2738c556533c521abb999fac3d3f3319edd6624ed2ce
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4169a4e27f847f6c1e9859d6ddfb27c5c8aeef5013f266c319714ec0d348ef65
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84418E62B0AB8286EB18AB11E46456973A0FB48BD5F484031DEAE877ECDF3CE450D705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$Free$CriticalSection$Alloc$ClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2061331858-0
                                                                                                                                                                                                                                                                  • Opcode ID: ac7fad7d679a62b1b547f3ab00112ef58c9bdf18bf28de73c4d235d4a6427485
                                                                                                                                                                                                                                                                  • Instruction ID: 21fa3244c4bd1d5cf73a2cf450da96b1ddd01f36835947fa973265de60d301f1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac7fad7d679a62b1b547f3ab00112ef58c9bdf18bf28de73c4d235d4a6427485
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20718062F19A42C5EB00DBA5E8842B863B5BF88B98F44453EDD5DA3B94DF3CE545C310
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • OpenClipboard.USER32(?,?,?,?,00007FFDF82584EE,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDF825857B
                                                                                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(?,?,?,?,00007FFDF82584EE,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDF82585A9
                                                                                                                                                                                                                                                                  • GlobalLock.KERNEL32(?,?,?,?,00007FFDF82584EE,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDF82585B5
                                                                                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?,?,?,?,00007FFDF82584EE,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDF82585D8
                                                                                                                                                                                                                                                                  • RegisterClipboardFormatW.USER32(?,?,?,?,00007FFDF82584EE,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDF82585F9
                                                                                                                                                                                                                                                                  • SetClipboardData.USER32(?,?,?,?,00007FFDF82584EE,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDF825860A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClipboardGlobal$AllocDataFormatLockOpenRegisterUnlock
                                                                                                                                                                                                                                                                  • String ID: HTML Format
                                                                                                                                                                                                                                                                  • API String ID: 175603225-1098232656
                                                                                                                                                                                                                                                                  • Opcode ID: c8df38e7a3bd123ec06d38ea86e87d0eb7d898257052e031b4b65d932d39675b
                                                                                                                                                                                                                                                                  • Instruction ID: 69218d08f97bb723ece66ee346178ff85304d68fdd69ac4aa4061cfbe86f509a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8df38e7a3bd123ec06d38ea86e87d0eb7d898257052e031b4b65d932d39675b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E71100A5F1AA8183E708AF12E96452973A1FB48BC4F484035DA6E877ACDF3CE4519705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$CreateLongObjectSelect$CompatibleDeleteRectSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3118830011-0
                                                                                                                                                                                                                                                                  • Opcode ID: d78f25981b20db85a12dfefa2a48371d634c93f1073e5d7118523960567bb6b5
                                                                                                                                                                                                                                                                  • Instruction ID: e88a7734c34c40669245b68f154dddb82d18ba673e5fb137ba7c765f57cc7314
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d78f25981b20db85a12dfefa2a48371d634c93f1073e5d7118523960567bb6b5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAC18C36B08B858AEB14DF35E854AAD73A0FB88B84F444136DA5D53BACCF38D145DB05
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Create$Thread$CriticalInitializeSection$Event
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1305097065-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2f466ac1f6b91d6da7fba6c3bc10f612a0a69e630dbb037edf73bae96f291eed
                                                                                                                                                                                                                                                                  • Instruction ID: f15128eaac4a771495cbd5ca87f737dd38dd0509085840088208cf9386f086e1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f466ac1f6b91d6da7fba6c3bc10f612a0a69e630dbb037edf73bae96f291eed
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99517D77A04B1186E728DF25E4205A973A1FB88B88B094232DE5E877ACCF3CE505D745
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeaveObject
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 103721977-0
                                                                                                                                                                                                                                                                  • Opcode ID: cc72c222428a5166b7c1b34b7d7f7a99eb49ca1f2f97f6dc44cccc61c4da6406
                                                                                                                                                                                                                                                                  • Instruction ID: b8a8b8b008aaae748fcf1326223ff2c11275f117219b0d2ae4e6e7cf39c3b4ed
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc72c222428a5166b7c1b34b7d7f7a99eb49ca1f2f97f6dc44cccc61c4da6406
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6E1A472724A81DAEB64DF25D850BED77A0FB84B88F444132EA5E83AE8CF38D545D740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: GetLastError.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E7240F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsGetValue.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72424
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: SetLastError.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E724AF
                                                                                                                                                                                                                                                                  • TranslateName.LIBCMT ref: 00007FF684E79395
                                                                                                                                                                                                                                                                  • TranslateName.LIBCMT ref: 00007FF684E793D0
                                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF684E6D220), ref: 00007FF684E79415
                                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF684E6D220), ref: 00007FF684E7943D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLastNameTranslate$CodePageValidValue
                                                                                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                                                                                  • API String ID: 1791977518-905460609
                                                                                                                                                                                                                                                                  • Opcode ID: eed7dd40d9d1402df70d81eb41c63669d828668a68202db6ff0c87454736f6cf
                                                                                                                                                                                                                                                                  • Instruction ID: 5aa0a17fdb1d3b3785ebee0787374f858b8c8ae96ac0ed3180bcca7aec122934
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eed7dd40d9d1402df70d81eb41c63669d828668a68202db6ff0c87454736f6cf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B6918A32A0C742C1FB649F21D4892B927B5FF84BA8F444139DA5D87696EF3CE552C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: GetLastError.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E7240F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsGetValue.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72424
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: SetLastError.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E724AF
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsSetValue.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72445
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E724E5
                                                                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF684E79ED4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsSetValue.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72472
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsSetValue.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72483
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsSetValue.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72494
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72504
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E7252C
                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF684E6D219), ref: 00007FF684E79EBB
                                                                                                                                                                                                                                                                  • ProcessCodePage.LIBCMT ref: 00007FF684E79EFE
                                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32 ref: 00007FF684E79F10
                                                                                                                                                                                                                                                                  • IsValidLocale.KERNEL32 ref: 00007FF684E79F26
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32 ref: 00007FF684E79F82
                                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32 ref: 00007FF684E79F9E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2591520935-0
                                                                                                                                                                                                                                                                  • Opcode ID: 62f8702f6b5704b15cc78ccd6eff61598c2b9f47a4b757b012be62576726284f
                                                                                                                                                                                                                                                                  • Instruction ID: a3b06c723a5bb6655f43ade8d2517b88dbb402e15c87a3035f84798fdc0ff55c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62f8702f6b5704b15cc78ccd6eff61598c2b9f47a4b757b012be62576726284f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90714932B0C602CAFB549F71D8986FA23B4BF45BA8F444539CA1D97696EF3CA845C350
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9603bfcd7ec9ab17c348f56aca8f175d4cb2340f22ca4ef12617b67ba2aea569
                                                                                                                                                                                                                                                                  • Instruction ID: 61efce917ad2805b1f10d4166e9e8a0a8fdc168469566f1570f3fd54b0d2b9e1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9603bfcd7ec9ab17c348f56aca8f175d4cb2340f22ca4ef12617b67ba2aea569
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C318332708B8196D764DF25E8506AE73E4FB88758F580136EAAD83BA8DF3CD145CB05
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                  • Opcode ID: c96ca89f4f9398d8288dda1ac37004421fbc1262667d1c5cc6431f3b1f47c90d
                                                                                                                                                                                                                                                                  • Instruction ID: 2c78d6d6267b30a8e2b72d031dfe7b6c618a69e9c5bdc921aa17b283966b4bc4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c96ca89f4f9398d8288dda1ac37004421fbc1262667d1c5cc6431f3b1f47c90d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8312D36A08B81C6DB608F65E8846AE77A4FF88794F500139EB9D83B99DF38D545CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$FromPoint
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2501751775-0
                                                                                                                                                                                                                                                                  • Opcode ID: fe73b1b185ceb9d26b7f7146317ba9fc52fb26274534e5e78b324e57979880ae
                                                                                                                                                                                                                                                                  • Instruction ID: 59a26d235d4a36775a8e7ae058f78c4ea9e0b00a0e1ba4bf24961e1973081c8e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe73b1b185ceb9d26b7f7146317ba9fc52fb26274534e5e78b324e57979880ae
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C518FB7B09A4186EF54CF15D86467963A0FF88B88F59C131CA5D833E8DF3CE441A249
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1502251526-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: 5d054bfc6a733c7670e92203fbee34688794374a43823342ea81524ba96ba134
                                                                                                                                                                                                                                                                  • Instruction ID: a08d5eee1af0d0246a8bbdb32ccba364c383f00fd06d3567a7d7651c86183cc1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d054bfc6a733c7670e92203fbee34688794374a43823342ea81524ba96ba134
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85C1F372B1928687E720DF19E058E6AB7D1F784788F488135DB5B87B98DB3CE801DB05
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF684E4D6EF
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                  • API String ID: 389471666-631824599
                                                                                                                                                                                                                                                                  • Opcode ID: e7c0d040efd2bd70ed9f2adb80ba95a2050988227c85a76eec2643c6a05e5947
                                                                                                                                                                                                                                                                  • Instruction ID: 0879b875a8799be1a33b6811d5e6888727ddfcf18cbc85a477f28ba80c30637b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7c0d040efd2bd70ed9f2adb80ba95a2050988227c85a76eec2643c6a05e5947
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0114832A18B42E6F7149B66E6887B933A4FF58385F404139C64DC2A90EF7CE4B4CB10
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$LongScroll
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3844982632-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2a013b13c18f188b5d906fc4d4a9dfd69696aaae5865891f8ce74e60d0de1701
                                                                                                                                                                                                                                                                  • Instruction ID: ea12afba190995178a41052237f58982eaf99947871251fd3d77517c769422c0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a013b13c18f188b5d906fc4d4a9dfd69696aaae5865891f8ce74e60d0de1701
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA716B76B05B1186EB04DF26E8609AD37A4FB48F94F484136EE6E43BA8CF38D045D305
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$FromPoint
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2501751775-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                                  • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                                                                  • API String ID: 2299586839-2904428671
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalInfoLeaveLocaleSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1229108425-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: GetLastError.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E7240F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsGetValue.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72424
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: SetLastError.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E724AF
                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF684E79E67,?,00000000,00000092,?,?,00000000,?,00007FF684E6D219), ref: 00007FF684E79716
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3029459697-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6dcc3fbd02c139d0f6414f79d9d16954de9b9cd423e18a2ea062e5920de22a59
                                                                                                                                                                                                                                                                  • Instruction ID: 1c27aeef08d5c7072b5249efc6906028cb94c6a270abc415588ebf0a2d33b35c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6dcc3fbd02c139d0f6414f79d9d16954de9b9cd423e18a2ea062e5920de22a59
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC11DF67A0C645CAFB158F29D0C86A87BB0FF90BB8F448239C629833C1DE28D9D1C740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: GetLastError.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E7240F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: FlsGetValue.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E72424
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E72400: SetLastError.KERNEL32(?,?,?,00007FF684E6154B,?,?,?,00007FF684E737CD), ref: 00007FF684E724AF
                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF684E79E23,?,00000000,00000092,?,?,00000000,?,00007FF684E6D219), ref: 00007FF684E797C6
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystemValue
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3029459697-0
                                                                                                                                                                                                                                                                  • Opcode ID: 308d59b9da2cddf3e0b7d5c6f49bf7920bee295b4571095c211d4e362b5735a4
                                                                                                                                                                                                                                                                  • Instruction ID: 2b9797d34af3ff189bed66aca8cb77cf8aa96915e35e82168be22e30d37901d0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 308d59b9da2cddf3e0b7d5c6f49bf7920bee295b4571095c211d4e362b5735a4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C019E62E0C281C6F7144F25E488BA976B1FF80BB8F459239D669876CACF6C9881C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF684E73D7F,?,?,?,?,?,?,?,?,00000000,00007FF684E78CB8), ref: 00007FF684E73923
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                                                                                                                  • Opcode ID: 76b797fdc748012a44d6ba44187b4d3ec2b7fc75de5f7bc98380afcf16f90fee
                                                                                                                                                                                                                                                                  • Instruction ID: 398fa1cf92777184b89dd0a068adeeee83b15a26a48ea5f682140ce94eaebc46
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76b797fdc748012a44d6ba44187b4d3ec2b7fc75de5f7bc98380afcf16f90fee
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CF0F676A08B41C2E604DB29E8955A963A9BF99BC0F58803AEA5DC7765CE3CD851C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressProc$Version$LibraryLoad
                                                                                                                                                                                                                                                                  • String ID: A$CloseThemeData$DrawThemeBackground$DrawThemeText$GetThemeBackgroundContentRect$GetThemeInt$GetThemePartSize$IsThemeBackgroundPartiallyTransparent$OpenThemeData$SetWindowTheme$UXTHEME.DLL
                                                                                                                                                                                                                                                                  • API String ID: 29192645-1228588308
                                                                                                                                                                                                                                                                  • Opcode ID: d1b90b9494a495b6d96edd82e2ba10971f795cb03655433f9aac1ab95a5401bf
                                                                                                                                                                                                                                                                  • Instruction ID: 02b1c76bbef9646d46435b1375512ccc08eeb2c5c337cf07c84867447aa28a2c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1b90b9494a495b6d96edd82e2ba10971f795cb03655433f9aac1ab95a5401bf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2A12E22F0D74382FB609B10BCA4BB923A1FB45745F550235D47D866ECDE7CE688E60A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Value$FreeLeaveLocal$AllocEnterHeap$CleanupConnectedInstupInternetProcessState
                                                                                                                                                                                                                                                                  • String ID: '$($13DA$A5C8$Error in Instup cleanup, return code {}$Error returned by Instup, return code {}$ctx$n
                                                                                                                                                                                                                                                                  • API String ID: 3260420035-3970679135
                                                                                                                                                                                                                                                                  • Opcode ID: 60d60478cbcb987f4a0f3f38b350cc18b38b959a32bc378e276a527998d32628
                                                                                                                                                                                                                                                                  • Instruction ID: 8d7930ad5cc91bc2077b2ca354a72c5064167325d7ddfb4d88c3be7ab10f14d6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60d60478cbcb987f4a0f3f38b350cc18b38b959a32bc378e276a527998d32628
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0915B21E09A42DAFB44DB65E9842B977B5BF86788F40453EDA0D937A5DF3DE840C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$CriticalSection$Rect$EnterLeaveLong$ClassClientCursorLoadObjectRegisterStockVersion$AdjustCreateDesktopParentText
                                                                                                                                                                                                                                                                  • String ID: title
                                                                                                                                                                                                                                                                  • API String ID: 2376530372-724990059
                                                                                                                                                                                                                                                                  • Opcode ID: 018a44ae7102a756e5555ea748817041c10e1545ada4e5ec59b6d623e8bdab64
                                                                                                                                                                                                                                                                  • Instruction ID: 35a2eff8bd24e2a1bd4e5180e896e28adc19ac4a9c7ea227afd33a594217bf39
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 018a44ae7102a756e5555ea748817041c10e1545ada4e5ec59b6d623e8bdab64
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31F1A172B086028BEB18DF65E4609AD73A1FB45B88B844535DE2D53BE8DF3CE504E309
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$ErrorLast$ClassCriticalFreeSection$AllocDeleteHandleInfoInitializeModuleRegisterSleep
                                                                                                                                                                                                                                                                  • String ID: P${9C7565A2-47C2-4869-B388-8C7F9AD8E577}
                                                                                                                                                                                                                                                                  • API String ID: 1585186069-2048047006
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Rect$Window$MetricsSystem$InflateLong$Offset$ClassClipCombineCreateDeleteExcludeFillIndirectObjectProcRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 273201684-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$Delete$ReleaseRestoreStock$AlignRectScrollTextValidate
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3282784917-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClassUnregister$Version
                                                                                                                                                                                                                                                                  • String ID: -HTMLAYOUT-POPUP$-HTMLAYOUT-POPUP-W$A$HTMLAYOUT$HTMLAYOUT-POPUP$HTMLAYOUT-POPUP-W$HTMLAYOUT-W
                                                                                                                                                                                                                                                                  • API String ID: 2397417282-2431013298
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Version
                                                                                                                                                                                                                                                                  • String ID: Unknown$htmlayout 3.3; %s; www.terrainformatica.com )
                                                                                                                                                                                                                                                                  • API String ID: 1889659487-1358869720
                                                                                                                                                                                                                                                                  • Opcode ID: ab6c408a64c7ae63e27e14503d808d91f63b4f495dc0da2a797418011dde4dc4
                                                                                                                                                                                                                                                                  • Instruction ID: ab6b679cc998176b9ad25f73c41940631eb5596ef0abde8f7bc9fb172de35c17
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab6c408a64c7ae63e27e14503d808d91f63b4f495dc0da2a797418011dde4dc4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5B16236F0868286F7648F20D8A0BF923A1FB55748F540235D52D866ECDF7CE584D346
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$ClassCreateCursorLoadLongObjectRegisterStockUpdateVersion$AllocClientCurrentHookRectShowThreadUnicodeValueWindows
                                                                                                                                                                                                                                                                  • String ID: -HTMLAYOUT-POPUP$-HTMLAYOUT-POPUP-W$HTMLAYOUT-POPUP$HTMLAYOUT-POPUP-W$RUNTIME ERROR: unable to create popup window.
                                                                                                                                                                                                                                                                  • API String ID: 4161899599-509921070
                                                                                                                                                                                                                                                                  • Opcode ID: 1dcae5e4b3430d141fab4bb56981147d3121e6df14da6d06052c535d295a20ac
                                                                                                                                                                                                                                                                  • Instruction ID: 58d1668a604b2ba7c70b66b67210ebcc9f196b1cbf744f5989fe1ae9f88096ae
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1dcae5e4b3430d141fab4bb56981147d3121e6df14da6d06052c535d295a20ac
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B461B472B08B4A87D704DF25F860A6977A0FB84B90F044135EAAD837A8DF3CD404DB05
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Color$Object$BrushText$CreateDeleteSelect$BitmapPattern
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 800347078-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6b3f0f5c044c7e72ea218eb2217429701342387a357b07c20701b7ec5bd428ad
                                                                                                                                                                                                                                                                  • Instruction ID: d3519cc25255be1ee8d31eed4df450122fc3bb645d3adf55347b1c86bdba3754
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b3f0f5c044c7e72ea218eb2217429701342387a357b07c20701b7ec5bd428ad
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9516876B08A9087D748DF62E868C2A77A4FB89BD4B158031DE5E83768CF3CD486C704
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ObjectViewport$CompatibleCreateModeSelectWindow$BeginBitmapClientPaintRectStock
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3586948744-0
                                                                                                                                                                                                                                                                  • Opcode ID: 395c0d5d5c264ae5d11bcc9ce1fb231b35f6cac10f5ffe085525c990ee6a8496
                                                                                                                                                                                                                                                                  • Instruction ID: 2feaefadd3d00fc5144bd7d313a57415ccb6ad8f21f17fb6b02756438fd196ce
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 395c0d5d5c264ae5d11bcc9ce1fb231b35f6cac10f5ffe085525c990ee6a8496
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86512776704A8186E718DF25E865A6973A0FB88F88F448135CE9D8B76CDF3CD484DB40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$CriticalSection$AllocFree$ClassDeleteEnterErrorInitializeLast_invalid_parameter_noinfo_noreturn$HandleInfoLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                  • String ID: asw::settings::SettingsConfig::Lock$asw::settings::SettingsConfig::ProductPluginLoadFn$asw::settings::SettingsConfig::ProductPluginUnloadFn
                                                                                                                                                                                                                                                                  • API String ID: 3963010532-3014327910
                                                                                                                                                                                                                                                                  • Opcode ID: 6624a6033b6490a5a45ed1cd339c605f8c4c222166bce033ea6ba0e6bf6dbac0
                                                                                                                                                                                                                                                                  • Instruction ID: 3f4ba311458ea4da1bab76472635ca918e2370dd806a1bdc3be84566ab3e2ac4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6624a6033b6490a5a45ed1cd339c605f8c4c222166bce033ea6ba0e6bf6dbac0
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43C17F32A19B45D5EA10DF16E88826973B8FF88BC4F55453ADA8D83B65EF3DE491C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$MessageSendViewport$ClipLayoutLongParentPointsRectRestoreSave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1374418031-0
                                                                                                                                                                                                                                                                  • Opcode ID: 39803c85952c316c698086b832660b5c445f38b61f3bd94d17c38ca766131896
                                                                                                                                                                                                                                                                  • Instruction ID: 69368226fee090ea022a356ccfde82e170d9f3a75181b483ede809516a01e163
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39803c85952c316c698086b832660b5c445f38b61f3bd94d17c38ca766131896
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7231847170864587E7249F15F824A6977A0FBC9B85F484230EE5E47BACCF3CE5059B05
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Cursor$Load
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1675784387-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: c07dd71851a95b003605c5021686e0452f42416c29dcbcaf094368acbd215302
                                                                                                                                                                                                                                                                  • Instruction ID: 3d3602d24137e16c8d72f95038278b6608d2a9df460473d25682c5659c409562
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c07dd71851a95b003605c5021686e0452f42416c29dcbcaf094368acbd215302
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C8A16331F0E6428AFB149B10D871E7923A2BF54744F954135D92D876ECEE2CF944B34A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$CriticalSection$EnterLeaveLong$ClientCreateDialogRect
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 795340837-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2bc74b281861c224d3af749e802085917d4b582a4daa87b419a8874242ab7986
                                                                                                                                                                                                                                                                  • Instruction ID: 3483f1da5db0be5dcbe38ec1306f6a592791d2d65fdc5c43f719d8b0dd2f4725
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bc74b281861c224d3af749e802085917d4b582a4daa87b419a8874242ab7986
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D361A371B0874283EB18DF25A869A7977A0FF85B80F954035DA6D877E8DF3CE401A705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C453
                                                                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C468
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C489
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C4B6
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C4C7
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C4D8
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C4F3
                                                                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C529
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C548
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF838178C: HeapAlloc.KERNEL32(?,?,00000000,00007FFDF837C61E,?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000), ref: 00007FFDF83817E1
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C570
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF837BD98: HeapFree.KERNEL32(?,?,00000000,00007FFDF837C669,?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000), ref: 00007FFDF837BDAE
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF837BD98: GetLastError.KERNEL32(?,?,00000000,00007FFDF837C669,?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000), ref: 00007FFDF837BDB8
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C581
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FFDF835F377,?,?,?,00007FFDF837BED9), ref: 00007FFDF837C592
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast$Heap$AllocFree
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 570795689-0
                                                                                                                                                                                                                                                                  • Opcode ID: 923a440a95829b622b72427e6a5d31bbb0b1e64e3d4c0d325633f644c4495a96
                                                                                                                                                                                                                                                                  • Instruction ID: ecdeb694050080fb9aa6777d335d0e25018ad3129d5e74711cc9254774c7c1af
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 923a440a95829b622b72427e6a5d31bbb0b1e64e3d4c0d325633f644c4495a96
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B413620F0D24243FB697621A87187D52D24F44BB4F5C0B34E93E8A6FADE2DE442660A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                  • String ID: \\.\ASWSP_Open$\\.\AVGSP_Open$\\.\AVRSP_Open$\\.\NLLSP_Open$mtps
                                                                                                                                                                                                                                                                  • API String ID: 1177325624-1521275592
                                                                                                                                                                                                                                                                  • Opcode ID: 691df89e8996e5b807327df32539be00cbcc98396244bfdf2cc431d6e0fa62c7
                                                                                                                                                                                                                                                                  • Instruction ID: 50df314a3102d91147604d7b8f5f5a3a3d763ce797672b6381a573bafc3636c8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 691df89e8996e5b807327df32539be00cbcc98396244bfdf2cc431d6e0fa62c7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F51CC3250DB81C6E7618B54F49436AB7A4FB853A4F504339E69E83BA8EFBDD444CB40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: calc$rgb$rgb($rgba$rgba($selector$url
                                                                                                                                                                                                                                                                  • API String ID: 0-3527232651
                                                                                                                                                                                                                                                                  • Opcode ID: 1d81126e0e17b4d91d3d8f9513ac1773c2d8ec341c551c9682fc1913ddce9811
                                                                                                                                                                                                                                                                  • Instruction ID: 165dba40e1a3c7db7b9e36493e1eeccc3004d3db3340d8cad53dca1b2d65d30a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d81126e0e17b4d91d3d8f9513ac1773c2d8ec341c551c9682fc1913ddce9811
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57127172B4861297EB649B15D12297833A0FF54B54F844231D76E8BAD8DF3CF4A1E30A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$CapsDeviceReleaseSelect$EnumFamiliesFontMetricsText
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4007977802-0
                                                                                                                                                                                                                                                                  • Opcode ID: ffb9d3f4ca10275a5d686bcca3d82fc54a42b2e8884e3f34bc4de34b661fa361
                                                                                                                                                                                                                                                                  • Instruction ID: 6535a00405bd909fe413bf30d7b8483bcb003c3772d58f0f08164907e82f45db
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffb9d3f4ca10275a5d686bcca3d82fc54a42b2e8884e3f34bc4de34b661fa361
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22914232B0978286EB14DB21E428A79B7A1FB8AB94F044231DA6D477ECDF3CE541D705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$ByteCharCloseHandleMultiViewWide$FlushPointerUnmap
                                                                                                                                                                                                                                                                  • String ID: Could not flush memory to disk.
                                                                                                                                                                                                                                                                  • API String ID: 3763602750-1683962931
                                                                                                                                                                                                                                                                  • Opcode ID: e1453ade5c2641b24102dc59557292cb11bfe8e35f22fc0ec8adb97e8a90cd17
                                                                                                                                                                                                                                                                  • Instruction ID: 4d43217b8b4feac7d4100226240fbfa59943f6e64f77e66ee2bcdcb25fdebf08
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1453ade5c2641b24102dc59557292cb11bfe8e35f22fc0ec8adb97e8a90cd17
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C881A232B05B4186FB149F61E864AA927A0BF49BA8F484135DE2D577ECDF3CE441E305
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                  • String ID: bad locale name$false$true
                                                                                                                                                                                                                                                                  • API String ID: 4121308752-1062449267
                                                                                                                                                                                                                                                                  • Opcode ID: f46a8f4d2ea33d50ea480f1f5c32eb133c51d0204a37f8a227871ba88fac1d97
                                                                                                                                                                                                                                                                  • Instruction ID: 2576e90cda9392ca3a696bac14305ec338ce8f29a8cb6581e5af421ea512b4a8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f46a8f4d2ea33d50ea480f1f5c32eb133c51d0204a37f8a227871ba88fac1d97
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1616B22A09B41CAEB21DF61E4842AD33B5FF84748F05413DDA8CA7A99DF3CE851D358
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Create$LongUnicode
                                                                                                                                                                                                                                                                  • String ID: -HTMLAYOUT-TOOL$-HTMLAYOUT-TOOL-W$HTMLAYOUT-TOOL$HTMLAYOUT-TOOL-W$RUNTIME ERROR: unable to create popup window.
                                                                                                                                                                                                                                                                  • API String ID: 3856304439-2965759816
                                                                                                                                                                                                                                                                  • Opcode ID: b57938f43073f2229827783599db146d8d9364c172e0bbdb4aa1e1d371552a1d
                                                                                                                                                                                                                                                                  • Instruction ID: 69626d41bfb22af35775ef4f9ebf66a24935cf6f80fa138cb1182e2a29b0681f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b57938f43073f2229827783599db146d8d9364c172e0bbdb4aa1e1d371552a1d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B51847270868586EB14DB14E860B7877A1FF44BA4F548135EA6D437E8CF3DE881E709
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$DeleteSelect$PaintViewportWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 644032327-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: e3a9c2855075202295287491c21d42bc8481961fb355127b3b233abd59ecf557
                                                                                                                                                                                                                                                                  • Instruction ID: 1275787fe691ed649a17bd7692da87ab9675e8f3aea76448e05c3eec9823de18
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3a9c2855075202295287491c21d42bc8481961fb355127b3b233abd59ecf557
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB210676714A8187DB54EF25E4A0A2977A0FB88F98F488135DE5D87768CF38D485CB04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$LongMessageObjectSelectSend$AdjustMetricsRectReleaseText
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3035035113-0
                                                                                                                                                                                                                                                                  • Opcode ID: 7c9554134f26068ccad6e678c9eb7e26ef66babac475ec778803b2a5b45bee57
                                                                                                                                                                                                                                                                  • Instruction ID: 28f9c24cf49963c5f3f1821b324bc9a200c28fc24d8e1e857e23fb6897c9534e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c9554134f26068ccad6e678c9eb7e26ef66babac475ec778803b2a5b45bee57
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35415F72B086418BD764DF25F454B6AB3A0FB88B84F448135EA9D83BA8DF3CD4448B04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocale_invalid_parameter_noinfo_noreturnstd::locale::_
                                                                                                                                                                                                                                                                  • String ID: integral cannot be stored in wchar_t
                                                                                                                                                                                                                                                                  • API String ID: 1468110720-1689078516
                                                                                                                                                                                                                                                                  • Opcode ID: bd6ec2d6afb82967205289be667fee6c318acbea282c82a09467bad39d8d37cb
                                                                                                                                                                                                                                                                  • Instruction ID: ec3c4108b58178bb1e0d515b74be99912358efffd5d92be218828f2020689add
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd6ec2d6afb82967205289be667fee6c318acbea282c82a09467bad39d8d37cb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72F17E22A19B81C9EB21CB65E8802B977B5FF84784F54413ADE8D83B99DF3CE545CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF829BA7C: CreateFileW.KERNEL32 ref: 00007FFDF829BAD0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF829BA7C: GetFileSize.KERNEL32 ref: 00007FFDF829BAE4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF829BA7C: CreateFileMappingA.KERNEL32 ref: 00007FFDF829BB21
                                                                                                                                                                                                                                                                  • FlushViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF8156B4B
                                                                                                                                                                                                                                                                  • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF8156B64
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF8156B72
                                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF8156B94
                                                                                                                                                                                                                                                                  • SetEndOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF8156B9D
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00007FFDF8156BA6
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$CloseCreateHandleView$FlushMappingPointerSizeUnmap
                                                                                                                                                                                                                                                                  • String ID: Could not flush memory to disk.$file://%s
                                                                                                                                                                                                                                                                  • API String ID: 409709207-3906887048
                                                                                                                                                                                                                                                                  • Opcode ID: 36c27eac618472381f50c05ac8b8b7b32e39a157aa298be1e2ea69d52fd1ab4a
                                                                                                                                                                                                                                                                  • Instruction ID: a74fc601d1fb89f80bd4ff85a8339b195cf844f6cd94371880529e0bfeabdc7a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36c27eac618472381f50c05ac8b8b7b32e39a157aa298be1e2ea69d52fd1ab4a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F691B023F19A429AFB109B61D5605FD33B0AB44BA8F444231DE2D57AEDDF38E801E349
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$AddressCompatibleCreateDeleteLibraryLoadProc
                                                                                                                                                                                                                                                                  • String ID: AlphaBlend$Msimg32.dll
                                                                                                                                                                                                                                                                  • API String ID: 1553575486-1584225664
                                                                                                                                                                                                                                                                  • Opcode ID: d73f5a0baf9d9a5c96fc11b4872b7465aa5bf3bc3e558fe64e32332b96fe3a16
                                                                                                                                                                                                                                                                  • Instruction ID: 6677b26e4075c8b679074aa70b1ac32e1b5a46c5ec94bdfacaf420949fbda973
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d73f5a0baf9d9a5c96fc11b4872b7465aa5bf3bc3e558fe64e32332b96fe3a16
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40A19073B08B818AE714CF29E854AAD77A4FB88B84F144135DE5D43BA8CF38E485DB45
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$Delete$AlignCriticalEnterReleaseSectionText
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 993868725-0
                                                                                                                                                                                                                                                                  • Opcode ID: 98c92fab7fa88398ac20f0bc0bce4a984f6539abe5288ce9da1393ead439f1d1
                                                                                                                                                                                                                                                                  • Instruction ID: eb9fdcb9194fea0c1728950ec941bc49de57146b8ad11b523d16527d7f738da5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 98c92fab7fa88398ac20f0bc0bce4a984f6539abe5288ce9da1393ead439f1d1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA717C76B18B418AE714DFB4E4906AD33B1EB44798F000235DEAD67AACCF38E455E744
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$FocusRectShow$LongMoveParent
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4135828658-0
                                                                                                                                                                                                                                                                  • Opcode ID: e5aa11550912552bca6f0d51e09fdebeb955a495ee07c921db25190051f80847
                                                                                                                                                                                                                                                                  • Instruction ID: e7800953d2094d36f737a62db54b852faff1d18b7c26c348110c0a094fde9af0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5aa11550912552bca6f0d51e09fdebeb955a495ee07c921db25190051f80847
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B41A3727186418BE724DF15F964A2E73A1FB847C0F504135DAAE43BA8CF3DE8459B05
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetDC.USER32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130E64
                                                                                                                                                                                                                                                                  • SetTextAlign.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EA0
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EAE
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EBB
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ECA
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ED7
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EE6
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EF3
                                                                                                                                                                                                                                                                  • SetBkMode.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130F06
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$SelectStock$AlignModeText
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 120275662-0
                                                                                                                                                                                                                                                                  • Opcode ID: f9233dd87aa51bafbe775f3bb997c7ce914391bc96d5670adf2f6f9ad8783cd6
                                                                                                                                                                                                                                                                  • Instruction ID: 022838fc74988f661077ad03765a84d14a1b8795288a02597e67ac1948992256
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9233dd87aa51bafbe775f3bb997c7ce914391bc96d5670adf2f6f9ad8783cd6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E21D8B6A08B8182DB089F61E46462977A0FB88F58F088135CE5E8B3A8DF3CD484D745
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                  • String ID: 0$f$p$p
                                                                                                                                                                                                                                                                  • API String ID: 3215553584-1202675169
                                                                                                                                                                                                                                                                  • Opcode ID: faac5a8cd7adbbeb1d626555857ffcefd801e3686662551b26fe5e7cdbc609e6
                                                                                                                                                                                                                                                                  • Instruction ID: 3e8043980be8c090c12bfd4716bb54f2296aca652c264ce61bb199bc06984e60
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: faac5a8cd7adbbeb1d626555857ffcefd801e3686662551b26fe5e7cdbc609e6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E912AF62E0C143C6FB20BA54D09C6BA76A2FF50750F844539EB9A87AC8DF3CE580DB55
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Dynamic width or precision index too large.$Invalid format string.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                                                                                                                                                  • API String ID: 0-1651902013
                                                                                                                                                                                                                                                                  • Opcode ID: cbac36b40b140baba22158f8a63e0def545954ead84a1be9f5792296d0dc89eb
                                                                                                                                                                                                                                                                  • Instruction ID: 1cccbd50c7de04712027fe2151ae63e444f98687a4ec231dd37cee945ffe3b00
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbac36b40b140baba22158f8a63e0def545954ead84a1be9f5792296d0dc89eb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 867101A2A08645CADA24CB19D4942B977B4FF81BC4F64413BDAAD836E5CE3CD581C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                  • String ID: bad locale name$false$true
                                                                                                                                                                                                                                                                  • API String ID: 3230409043-1062449267
                                                                                                                                                                                                                                                                  • Opcode ID: 87274d93b4afe0f9108c70874ac62338634e3df0ec394c5558ae319a883ac6f1
                                                                                                                                                                                                                                                                  • Instruction ID: 2ce99711cb3b52f859409e72665f884a6d712cd465a163054b0727b94f5ffb83
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87274d93b4afe0f9108c70874ac62338634e3df0ec394c5558ae319a883ac6f1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15816A22A08B81DAEB11CF30E4802AD77B4FF84788F15413AEA8D97A69DF39D590D744
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileFindHeaderInstanceTargetType
                                                                                                                                                                                                                                                                  • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                                                                                                                                                                  • API String ID: 746355257-928371585
                                                                                                                                                                                                                                                                  • Opcode ID: b0405faec312698d2ca0de4ea4a0f11074925f3730a8e6648c9c45c251907e4a
                                                                                                                                                                                                                                                                  • Instruction ID: 513b5754b9493b0676c81a0c114f21ee008fd81b4f67510f7dcd93e44b6171f4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0405faec312698d2ca0de4ea4a0f11074925f3730a8e6648c9c45c251907e4a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A518E62B19E86D6EA30CB65E8C86B96360FF84BC8F40453ADA4E83B55DF7CE545C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,00000000,?,00007FFDF837E6D8,?,?,?,?,00007FFDF835F443), ref: 00007FFDF837E61F
                                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000,?,00007FFDF837E6D8,?,?,?,?,00007FFDF835F443), ref: 00007FFDF837E62B
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                                  • Opcode ID: a978e9d14ffee90ca9b9d924f62ec90d77d2f29418b7148e388346c755705171
                                                                                                                                                                                                                                                                  • Instruction ID: d9c35bf622c2ac258d4a199cc3440c205f3f3bddf3e654bf92d847947927419c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a978e9d14ffee90ca9b9d924f62ec90d77d2f29418b7148e388346c755705171
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A74103A1B1D64682FB15AB16A834D6922D5BF45BE0F0C4135DC2DCB7ECEE3CE001A309
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$AddressProc
                                                                                                                                                                                                                                                                  • String ID: --product 5$GetModuleHandleW ({})$GetProcAddress ({})$SetProcessDPIAware
                                                                                                                                                                                                                                                                  • API String ID: 1975335638-2397380106
                                                                                                                                                                                                                                                                  • Opcode ID: a0ed3988ffc7921abcb2860fe5042918c85906331fe602cd71b8419138f53765
                                                                                                                                                                                                                                                                  • Instruction ID: 4edbf0c716a7a89179c775ec328e642fb71ebd1bd7900d576ff93b8647ee36e4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0ed3988ffc7921abcb2860fe5042918c85906331fe602cd71b8419138f53765
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C413022E18A46D5EB10DBA4E8D02ED6374FF94348F90513AEA4E93A69DF3CD545C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$CloseHandleView$FlushPointerUnmap
                                                                                                                                                                                                                                                                  • String ID: Could not flush memory to disk.
                                                                                                                                                                                                                                                                  • API String ID: 519454899-1683962931
                                                                                                                                                                                                                                                                  • Opcode ID: addb0e8c74cc10367f5f6a1dce1d9df41804a6ec33ee9455174610e866f071a3
                                                                                                                                                                                                                                                                  • Instruction ID: 7e5211bc87da8f16bdc01b092e2b3a497ce9e7d33dbe0a24fd178c98fd75814e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: addb0e8c74cc10367f5f6a1dce1d9df41804a6ec33ee9455174610e866f071a3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 342121A1B0554982EB289F20D4B5B3823A0EF44F5CF184235D92D860ECCF7CE894E349
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                  • String ID: f$p$p
                                                                                                                                                                                                                                                                  • API String ID: 3215553584-1995029353
                                                                                                                                                                                                                                                                  • Opcode ID: 82370194359c115f7e877a4752653bd48a82769e4f579e4bcd21c57a5e2ac23a
                                                                                                                                                                                                                                                                  • Instruction ID: 7f9e243967e70ad5026caa62b8c7ea105105671052680f4739623db1c162a893
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82370194359c115f7e877a4752653bd48a82769e4f579e4bcd21c57a5e2ac23a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60129425E0C183C6FB64AA65E19CA7976A1FF40754F868139E6CAC76C4DF3DE980CB10
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetDC.USER32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130E64
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetTextAlign.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EA0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EAE
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EBB
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ECA
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ED7
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EF3
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetBkMode.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130F06
                                                                                                                                                                                                                                                                  • SetTextAlign.GDI32 ref: 00007FFDF80CA366
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA39F
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FFDF80CA3AD
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA3BC
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FFDF80CA3CA
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA3D9
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32 ref: 00007FFDF80CA3ED
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$Stock$AlignDeleteText$ModeRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3346625119-0
                                                                                                                                                                                                                                                                  • Opcode ID: 70847e78234f7e9382734d626946323ce9f51cd5d3ca2210314bdee40be150c1
                                                                                                                                                                                                                                                                  • Instruction ID: cc0916fe31c7e3112ac8218ec263531b1798ca70b0ba65f2a543948698e26d0b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70847e78234f7e9382734d626946323ce9f51cd5d3ca2210314bdee40be150c1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29A16B73B18B818AE714CF65E450AADB7B0FB88B94F005235EA9D53BA8DF78D445DB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetDC.USER32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130E64
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetTextAlign.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EA0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EAE
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EBB
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ECA
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ED7
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EF3
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetBkMode.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130F06
                                                                                                                                                                                                                                                                  • SetTextAlign.GDI32 ref: 00007FFDF80CA6A5
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA6DE
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FFDF80CA6EC
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA6FB
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FFDF80CA709
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA718
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32 ref: 00007FFDF80CA72C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$Stock$AlignDeleteText$ModeRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3346625119-0
                                                                                                                                                                                                                                                                  • Opcode ID: c91d394129120d9574eb18c4279ebb79edf6eb3a824931d826ee6fdcfa573cbf
                                                                                                                                                                                                                                                                  • Instruction ID: b819375c65b88bbed8404e320af9baf22cd095f0acb883bbfc0304155040cb15
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c91d394129120d9574eb18c4279ebb79edf6eb3a824931d826ee6fdcfa573cbf
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41A15D72B18B818AEB04DF65E8507AD77B0F789794F145235EA9D53BA8CF38E481DB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetDC.USER32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130E64
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetTextAlign.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EA0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EAE
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EBB
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ECA
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ED7
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EF3
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetBkMode.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130F06
                                                                                                                                                                                                                                                                  • SetTextAlign.GDI32 ref: 00007FFDF80E7AE5
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80E7B1E
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FFDF80E7B2C
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80E7B3B
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FFDF80E7B49
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80E7B58
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32 ref: 00007FFDF80E7B6C
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8134E60: CreateCompatibleDC.GDI32(?), ref: 00007FFDF8134F61
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8134E60: SelectObject.GDI32 ref: 00007FFDF8134F71
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8134E60: SelectObject.GDI32 ref: 00007FFDF8134FF4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8134E60: DeleteObject.GDI32 ref: 00007FFDF8134FFD
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$DeleteStock$AlignText$CompatibleCreateModeRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3369458553-0
                                                                                                                                                                                                                                                                  • Opcode ID: 92518ee387eca3cc9faf5634513e596413da67038eb201d7982343e6ae655bb5
                                                                                                                                                                                                                                                                  • Instruction ID: ae4510a87142793806429dfbe1362d7e624b7e80beac3777946e76d2a3988403
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92518ee387eca3cc9faf5634513e596413da67038eb201d7982343e6ae655bb5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7914F73A19B818AE754CF64E4507AEB7B0F788794F141225EA9D53AACDF7CE480DB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetDC.USER32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130E64
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetTextAlign.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EA0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EAE
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EBB
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ECA
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130ED7
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: GetStockObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SelectObject.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130EF3
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8130E40: SetBkMode.GDI32(?,?,?,?,00000000,00007FFDF81338E6,?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF8130F06
                                                                                                                                                                                                                                                                  • SetTextAlign.GDI32 ref: 00007FFDF80CA036
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA06F
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FFDF80CA07D
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA08C
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32 ref: 00007FFDF80CA09A
                                                                                                                                                                                                                                                                  • SelectObject.GDI32 ref: 00007FFDF80CA0A9
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32 ref: 00007FFDF80CA0BD
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$Stock$AlignDeleteText$ModeRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3346625119-0
                                                                                                                                                                                                                                                                  • Opcode ID: 1558bc480bdb23422cb0ca052455330b5122c7bb9b8b696592aa6f589fff4b95
                                                                                                                                                                                                                                                                  • Instruction ID: 0468a6ad08d2826292ce17f1f380324a2cdff135c43e914ae3ac0ae8a64b0597
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1558bc480bdb23422cb0ca052455330b5122c7bb9b8b696592aa6f589fff4b95
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0816D73B19B818AE700DF65E45066EB7A0FB88798F100235EE9D53BA8DF78D445DB04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileTemp$CursorFromLoadNamePath
                                                                                                                                                                                                                                                                  • String ID: cur$wb+
                                                                                                                                                                                                                                                                  • API String ID: 2710153881-2052460546
                                                                                                                                                                                                                                                                  • Opcode ID: c2af8494c468ef36b4d2047147c6316badd0f9e1d4936c6c34cdea206727b110
                                                                                                                                                                                                                                                                  • Instruction ID: 43f6b5d9832b638721b2aef003b0cd74b7b292a2fa30760bda00ad5e787e28bf
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2af8494c468ef36b4d2047147c6316badd0f9e1d4936c6c34cdea206727b110
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7716471B0AA4286EB209F14E465ABC63A1BF45B94F844131DA7D876ECDE3CE841E309
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 00007FFDF81492BD
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8333F88: AcquireSRWLockExclusive.KERNEL32 ref: 00007FFDF8333F98
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8333F88: ReleaseSRWLockExclusive.KERNEL32 ref: 00007FFDF8333FD8
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 00007FFDF81492E2
                                                                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 00007FFDF814939C
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 00007FFDF8149422
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 00007FFDF814944A
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 00007FFDF814946B
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8333FF4: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FFDF80B65E9), ref: 00007FFDF8334004
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 00007FFDF8149499
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$ExclusiveLock$AcquireEnterInitializeLeave$DeleteObjectRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2258696684-0
                                                                                                                                                                                                                                                                  • Opcode ID: c4315cc85ef5656f0a1b5c1d16f6a11d0195ad622800ebeffd59f9fd5fcbf442
                                                                                                                                                                                                                                                                  • Instruction ID: 65ecb6da93ef0d9c4e4ec10f2778675c0ec40baa133ba44b1eec8e4429dd84cc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4315cc85ef5656f0a1b5c1d16f6a11d0195ad622800ebeffd59f9fd5fcbf442
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C715A32F08B029AF700EB60F860AAC33B5AB45744F854136D97D566EDDF3CA559E30A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                  • String ID: DISPLAY
                                                                                                                                                                                                                                                                  • API String ID: 0-865373369
                                                                                                                                                                                                                                                                  • Opcode ID: 736f6a4646f47a3fd41d6b92c0e88751c72d940d6d3298dba86cdd4a49fc6b5b
                                                                                                                                                                                                                                                                  • Instruction ID: 12463b3af6493afb5b9b2d0836590d07ca4650fe797029206acb9af7e7de22ac
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 736f6a4646f47a3fd41d6b92c0e88751c72d940d6d3298dba86cdd4a49fc6b5b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00616E33B186828BE754DF65E850AAD77A0FB84744F448036EA5D87BACDF38E404DB05
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                                                                  • API String ID: 1386471777-1405518554
                                                                                                                                                                                                                                                                  • Opcode ID: 4f8214df150ee90054e06fc87da4a74ed80f0fd3b009490e18ecf50ebcaab427
                                                                                                                                                                                                                                                                  • Instruction ID: 4247a695b1d25950cabae9a1f67889612aa4d48db27a3cb28cb7a5be24c30762
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f8214df150ee90054e06fc87da4a74ed80f0fd3b009490e18ecf50ebcaab427
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39512822A19B81CAEB21DFB0E4802AD6374FF94788F04413ADF8DA7A59DF38E555D344
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                  • String ID: bad locale name$false
                                                                                                                                                                                                                                                                  • API String ID: 2967684691-2236580902
                                                                                                                                                                                                                                                                  • Opcode ID: a28b374600e187a93e7bd896309ecceecb2a12916978823847861d990d2cbcd2
                                                                                                                                                                                                                                                                  • Instruction ID: fc7c8046cef6dcb702bd8fd9271e3934d68af255ae3c7bdaa49522e80b1a7649
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a28b374600e187a93e7bd896309ecceecb2a12916978823847861d990d2cbcd2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34514722A19B81D9EB25DFB0E4902AD3378FF50788F044039DE8DA3A59DF38D526D344
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: KillTimer$ClickCountCtrlDoubleMessageParentSendTickTime
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4083620262-0
                                                                                                                                                                                                                                                                  • Opcode ID: 085920e03470e5ee46d9cd5546fea02679499bb2c6ec1d24604c3b52075ab8fc
                                                                                                                                                                                                                                                                  • Instruction ID: 831892a072653526619f748892ff6eb3e61f9f0b1c1871a48ca0170ff2a3bd86
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 085920e03470e5ee46d9cd5546fea02679499bb2c6ec1d24604c3b52075ab8fc
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A418F72B08B8687DB1CDF21E464A6973A0FB88B91F540135EA6E877A8CF3CE450D705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Leave$Value$EnterHookUnhookWindows
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1904704018-0
                                                                                                                                                                                                                                                                  • Opcode ID: fea04cd36470748b934d21915401d02c057c5dcb955f65e2760876d03ee4f74b
                                                                                                                                                                                                                                                                  • Instruction ID: 5b84106cd4a6ab392f124d876e4e1a001e4519a55fedec35c428b183249eacb2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fea04cd36470748b934d21915401d02c057c5dcb955f65e2760876d03ee4f74b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74318166F05A4283EB49EB25E974A7863A0FF45F95B494031CD2E477F8CF3CE446A209
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateObjectSelect$CompatibleDeleteSection
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1921846281-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: d508e2f3b16cbed48214736e419b814cae4eff1ba3f46f64df21676dc2df8872
                                                                                                                                                                                                                                                                  • Instruction ID: 0cc3b55b293b129e94c4f0083007689e185b88b425f77f9373a6c3787af5b508
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d508e2f3b16cbed48214736e419b814cae4eff1ba3f46f64df21676dc2df8872
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76217872614B908AD718DF69E458A2E77A4F789B90F068034DE5D83B68DF38D445CB04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DECCE0: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF684DEE4DB), ref: 00007FF684DECD10
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DECCE0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF684DEE4DB), ref: 00007FF684DECD1E
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DECCE0: GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF684DEE4DB), ref: 00007FF684DECD38
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DECCE0: SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF684DEE4DB), ref: 00007FF684DECD50
                                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32 ref: 00007FF684DED7B7
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF684DED7D5
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00007FF684DED816
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CreateFile$AttributesDirectory
                                                                                                                                                                                                                                                                  • String ID: *$Unable to create directory '{}'!$Unable to open directory '{}' for writing!
                                                                                                                                                                                                                                                                  • API String ID: 2112330871-2911474180
                                                                                                                                                                                                                                                                  • Opcode ID: 7626910c016869f81bd9071795f301ffe33e1cbd3142aeabc8b95cc84cae279d
                                                                                                                                                                                                                                                                  • Instruction ID: bc6dd75b9c6c0a7d8b06821b3d83d3c3a1da10559f7d92e151df8dfbee602988
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7626910c016869f81bd9071795f301ffe33e1cbd3142aeabc8b95cc84cae279d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7215E32A08A42C2EB10DB50F4D43A9B3A0FF84798F504239E69E87A95DF7DD50DC740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131EA5
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131EB2
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131EC0
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131ECB
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131ED8
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131EE6
                                                                                                                                                                                                                                                                  • RestoreDC.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131F17
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$DeleteSelectStock$Restore
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1965476268-0
                                                                                                                                                                                                                                                                  • Opcode ID: 51759bc30722370a9696efc018581a087fd37a64b68a2bb6f6e04bd12db54d52
                                                                                                                                                                                                                                                                  • Instruction ID: a662555f19079c31c44adcc6951e1ad7321c684656ef1e112c52065dd5a94e7a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51759bc30722370a9696efc018581a087fd37a64b68a2bb6f6e04bd12db54d52
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91213066B09A4282EF589F51E064A3963A1EB88F85F084135EE1D473DCDF3CE885E745
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • SetTextAlign.GDI32(?,?,?,?,?,00007FFDF8133A64,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8130F6E
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,00007FFDF8133A64,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8130FA2
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?,?,?,?,?,00007FFDF8133A64,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8130FB0
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,00007FFDF8133A64,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8130FBE
                                                                                                                                                                                                                                                                  • DeleteObject.GDI32(?,?,?,?,?,00007FFDF8133A64,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8130FCC
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,00007FFDF8133A64,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8130FDA
                                                                                                                                                                                                                                                                  • ReleaseDC.USER32(?,?,?,?,?,00007FFDF8133A64,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8130FEC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$Delete$AlignReleaseText
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2724912489-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5359b76c4403335be4fb7ca0424dcc2dfc6350697f6cca1e733a7997ac6a2663
                                                                                                                                                                                                                                                                  • Instruction ID: 051a284561c7b2d67ad286c4fa5df3117d7151043168ae3e4a62885de49303c9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5359b76c4403335be4fb7ca0424dcc2dfc6350697f6cca1e733a7997ac6a2663
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6121F8A6B04A4583DB589F25D4A472963E0FB88F88F088135CE5D473ACDF3CD885D745
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                  • Opcode ID: 61c7f9d67f1748150c89e7948b3a2b97e78f0e4595999dbdc5ac83b3dcc9c3b1
                                                                                                                                                                                                                                                                  • Instruction ID: 2409560f18ec11cac9ccad947056b50955dd4c2c00adb151032f46f90de3027d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61c7f9d67f1748150c89e7948b3a2b97e78f0e4595999dbdc5ac83b3dcc9c3b1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A119661B18A4187E3549B46E864725A2E0FB48BE4F444234D93DC77E8DF3CD4448749
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageRegisterWindow
                                                                                                                                                                                                                                                                  • String ID: English$HTMLayoutTransferFocus$HTMLayoutWhois$L#'
                                                                                                                                                                                                                                                                  • API String ID: 1814269913-115249506
                                                                                                                                                                                                                                                                  • Opcode ID: 94b68b436db08bb716ab3e7eb86fb57a5b277aa08f41482d94d2094d997d837d
                                                                                                                                                                                                                                                                  • Instruction ID: 2eafe78610c29fdf1ff63f33daa1c81d852ce9f25a3010ab5f14282355e4b3c4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94b68b436db08bb716ab3e7eb86fb57a5b277aa08f41482d94d2094d997d837d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B115A61F4AB83C1FB559B55E870A7437E0DF40B50F898536C92E4B2D9CF2D6441B30A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$CreateDeleteFont
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1981917228-0
                                                                                                                                                                                                                                                                  • Opcode ID: 1eafd9eef39b7becbc38a8d1ba22c13f10f8b109bddda506a0db0ea0f6b0fb81
                                                                                                                                                                                                                                                                  • Instruction ID: 4fcbdd4a1cf20c96c0369f95567f3906d1cac5dc2e19b2e67ddc679366fde343
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1eafd9eef39b7becbc38a8d1ba22c13f10f8b109bddda506a0db0ea0f6b0fb81
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 75816AB3A08A8086DB54DF25D460A6D7BA1FB88F88F195235DE5D433A9CF38E841CB44
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeaveLongWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1534508445-0
                                                                                                                                                                                                                                                                  • Opcode ID: 13c773e0f6de8768aa64a1e220a9d7418e0a23346b7c4463fa10aa6f1b5dd5ef
                                                                                                                                                                                                                                                                  • Instruction ID: a43a7576a4538a6bea722b7d3db4da3e292d3ee1f4499d6fd06ae0d3c88fffb8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13c773e0f6de8768aa64a1e220a9d7418e0a23346b7c4463fa10aa6f1b5dd5ef
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97515C22B05B8193DB0DDB35E6A46A8B7A8FB44B80F444035CB6D537B5DF38A175E309
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Concurrency::cancel_current_taskDestroyParentUpdate
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2364769541-0
                                                                                                                                                                                                                                                                  • Opcode ID: c0aaa4c9190f473fbee9f25ac152a2c6e990085b528d67f52ba74cc5aec2e7c3
                                                                                                                                                                                                                                                                  • Instruction ID: df30468aaa910d4a1e3bcdf39cd1ee348b99d24e917878b340c7adb4d12078ab
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0aaa4c9190f473fbee9f25ac152a2c6e990085b528d67f52ba74cc5aec2e7c3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C413D76B09B4982EB18DF15E860A2963A4FB89FC0F584031DAAD437B8CF7DD445A705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
Similarity
• API ID: Timer$ClickClientCriticalDoubleLeaveLongScreenSectionTimeWindow
• String ID:
• API String ID: 3215539043-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Locinfo::_Locinfo_ctorRegister
• String ID:
• API String ID: 3702003507-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
Similarity
• API ID: Color$BrushCreateCriticalDeleteLeaveObjectSectionSolidText
• String ID:
• API String ID: 2652430139-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
Similarity
• API ID: AsyncState$KillTimer$ClickClientCountCriticalDoubleLeaveScreenSectionTickTime
• String ID:
• API String ID: 2332058121-0
                                                                                                                                                                                                                                                                  • Opcode ID: 29bc7f191e2fc2bec0ade26caee00981a51b0f714678e94f3698e372bde0d43a
                                                                                                                                                                                                                                                                  • Instruction ID: 920689c368a27b902c28e5649317defcc215835ec6a2a7267daba379f351123e
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 29bc7f191e2fc2bec0ade26caee00981a51b0f714678e94f3698e372bde0d43a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3316D76B04A8187DB1DDF25D5A4AB863A0FB48BA5F444132CA2E837E8CF3CE455E705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AsyncState$ClickDoubleTime$ClientCountCriticalLeaveScreenSectionTickTimer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1680461691-0
                                                                                                                                                                                                                                                                  • Opcode ID: daedc93f9b0f9377b8913dd96f390edcb28f9bb76937948f46290f5773bd83ef
                                                                                                                                                                                                                                                                  • Instruction ID: ec90cd97181a51444e8d19ec45fbae0e719634b7954f7890276f20994b2b462f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: daedc93f9b0f9377b8913dd96f390edcb28f9bb76937948f46290f5773bd83ef
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61315E72B0468187DB1DDF25E964AAC73A0FB48B95F054136CA2E837A8DF3CE455D708
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                  • Opcode ID: d4bfd7575ca1d61c4c6a608049d38e8ce6f06da7cfb9edca0078088f3b4bdeb1
                                                                                                                                                                                                                                                                  • Instruction ID: 3502d7d620c649429952a9f91ee43744f451c14488fd0e7c12a472f77ffac04d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4bfd7575ca1d61c4c6a608049d38e8ce6f06da7cfb9edca0078088f3b4bdeb1
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46313061A0DB41C1EA21DB26F88516A6374FF88BE4F44413AEA9DC77A5DE3CE541C710
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2081738530-0
                                                                                                                                                                                                                                                                  • Opcode ID: 2c49d97eb0321ecf0447d99140f6d680438a4c94cf50152affb2df8876d665ba
                                                                                                                                                                                                                                                                  • Instruction ID: 091aaa4477b6bedd6f2aef4d234a35ce8de3360db3d898b9e487b0aae65b3149
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c49d97eb0321ecf0447d99140f6d680438a4c94cf50152affb2df8876d665ba
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4314561A1DB41C1EA21DB25E48517AB375FF88BE4F48413AE95D877A5DF3CE901C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Viewport$ClipIntersectModeRectWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 694020364-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169C95
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169CD6
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169CE8
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169D1C
                                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169D34
                                                                                                                                                                                                                                                                  • Sleep.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169D3F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave$EventSleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2153927836-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000,00007FFDF837575F,?,?,?), ref: 00007FFDF837C5CB
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000,00007FFDF837575F,?,?,?), ref: 00007FFDF837C601
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000,00007FFDF837575F,?,?,?), ref: 00007FFDF837C62E
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000,00007FFDF837575F,?,?,?), ref: 00007FFDF837C63F
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000,00007FFDF837575F,?,?,?), ref: 00007FFDF837C650
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FFDF836DD31,?,?,?,?,00007FFDF83861DA,?,?,00000000,00007FFDF837575F,?,?,?), ref: 00007FFDF837C66B
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF684E61D75,?,?,?,?,00007FF684E70B34), ref: 00007FF684E72587
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF684E61D75,?,?,?,?,00007FF684E70B34), ref: 00007FF684E725BD
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF684E61D75,?,?,?,?,00007FF684E70B34), ref: 00007FF684E725EA
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF684E61D75,?,?,?,?,00007FF684E70B34), ref: 00007FF684E725FB
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF684E61D75,?,?,?,?,00007FF684E70B34), ref: 00007FF684E7260C
                                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF684E61D75,?,?,?,?,00007FF684E70B34), ref: 00007FF684E72627
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5c6d4a846ca3b0107159eab7c6702158ae2075638052b74a0144e96c4aa2c310
                                                                                                                                                                                                                                                                  • Instruction ID: 2652d89e634312b6143f2a1ffc36c2d380d203cf90fe7301477e1a8d48696ee0
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c6d4a846ca3b0107159eab7c6702158ae2075638052b74a0144e96c4aa2c310
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE116020F0C243C2FA949765A6D913966A17F857F0F14873DE92EC76D7EE2CE441C201
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ClickDoubleFocusTime$CountTickTimer
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4271707189-0
                                                                                                                                                                                                                                                                  • Opcode ID: 381ba2530e0ae627df06fedb67c8dbed93d53a0b632de834213960b019430f5e
                                                                                                                                                                                                                                                                  • Instruction ID: bb62d8572ec49abaf874a1bf6e1af457eef1fa577b765ff33c0a6bb7584c28ee
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 381ba2530e0ae627df06fedb67c8dbed93d53a0b632de834213960b019430f5e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB216872B0878197D70CDF25E558A69B7A0FB88780F448135DBAD837A8CF3CE0648B44
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ObjectSelect$MessageMetricsReleaseSendTextWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2831084787-0
                                                                                                                                                                                                                                                                  • Opcode ID: 08b424d93fe5bb38c6ccde995e7e2953db6e7a957348073f4e96b6118b23ec98
                                                                                                                                                                                                                                                                  • Instruction ID: b4f35c1a6fe6faeb44f26a32e135f27921f73b71c842f42b242b34d90acd61b8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08b424d93fe5bb38c6ccde995e7e2953db6e7a957348073f4e96b6118b23ec98
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4511A0B270868183EB18AB25E969979B3A5FB88FC1F444130DE1D87BA8DE3CD4458B00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: MessageSendWindow$EnabledFocusParent
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1851739627-0
                                                                                                                                                                                                                                                                  • Opcode ID: 328abaf77893cd59f1cff57bd2cb1f778dd4b0c552eed8474b94bef4d0fb0fc2
                                                                                                                                                                                                                                                                  • Instruction ID: 34643b3f8a4629fb0d5220b481e2f836586b6d0d771465b8793adad0479136cb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 328abaf77893cd59f1cff57bd2cb1f778dd4b0c552eed8474b94bef4d0fb0fc2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31119022F1868182EB149F62F554B6923A0EB89BC4F480131EE6D47BECCE3CD881A705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnvironmentExpandStrings
                                                                                                                                                                                                                                                                  • String ID: %TMP%$Unable to expand %TMP{} environment variable!
                                                                                                                                                                                                                                                                  • API String ID: 2871630417-2940734617
                                                                                                                                                                                                                                                                  • Opcode ID: e6aaa3ad4cbf225bc874637069c347f852193cbbbd5a5960bfe7b9b108f1183e
                                                                                                                                                                                                                                                                  • Instruction ID: 1b3928524565088554e145b75d5397386455db1701950aec64a65e8c71e61164
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6aaa3ad4cbf225bc874637069c347f852193cbbbd5a5960bfe7b9b108f1183e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02515162A1CAC2D1EB30DB10E4943EDA360FF94784F90853ADA9E93A59EF7CE545C740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RegisterClipboardFormatW.USER32(?,?,?,?,?,?,?,00000000,00000000,00007FFDF81CFA44), ref: 00007FFDF8257F6E
                                                                                                                                                                                                                                                                  • OpenClipboard.USER32(?,?,?,?,?,?,?,00000000,00000000,00007FFDF81CFA44), ref: 00007FFDF8257F7C
                                                                                                                                                                                                                                                                  • EmptyClipboard.USER32(?,?,?,?,?,?,?,00000000,00000000,00007FFDF81CFA44), ref: 00007FFDF8257F86
                                                                                                                                                                                                                                                                  • CloseClipboard.USER32(?,?,?,?,?,?,?,00000000,00000000,00007FFDF81CFA44), ref: 00007FFDF8257F8C
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Clipboard$CloseEmptyFormatOpenRegister
                                                                                                                                                                                                                                                                  • String ID: HTML Format
                                                                                                                                                                                                                                                                  • API String ID: 2398088879-1098232656
                                                                                                                                                                                                                                                                  • Opcode ID: 3a843edfda840e51e8375d7befbe6a01c590b2b780abbf8cdb59f56be92babad
                                                                                                                                                                                                                                                                  • Instruction ID: 60ca0cc9d04b76ef5d71681c551cb3056eb9e28d26e50db0df6d836206b09ca8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a843edfda840e51e8375d7befbe6a01c590b2b780abbf8cdb59f56be92babad
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5414736B15B058AFB08DF65E8A04AC37B4FB48B88B044536DE6D97BA8CF38E450D745
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                  • String ID: ImmReleaseContext$imm32.dll
                                                                                                                                                                                                                                                                  • API String ID: 145871493-791212443
                                                                                                                                                                                                                                                                  • Opcode ID: 8a29f8f2688b1faad1094b92cc9587e126a0d5c9d35f80fe77071e675488320f
                                                                                                                                                                                                                                                                  • Instruction ID: 3ad9322b371725f72c3ac3c30dc37ad3397ea7d61efe4daac51556524e99226b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a29f8f2688b1faad1094b92cc9587e126a0d5c9d35f80fe77071e675488320f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB01DE60F1AF0786EB09E754A97687062E1AF58740F844536C46FC37F8EE3CA195B31A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                  • String ID: ImmSetCompositionWindow$imm32.dll
                                                                                                                                                                                                                                                                  • API String ID: 145871493-3301410851
                                                                                                                                                                                                                                                                  • Opcode ID: 8b9a57e75bbf520d75b3c10848b03bc33e967ed2bddb93120a39a4185c55bf1f
                                                                                                                                                                                                                                                                  • Instruction ID: 82828b0a716e31a9e59df2d36c336997b8af36c83b3d845614e9b15ac6e3e69b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8b9a57e75bbf520d75b3c10848b03bc33e967ed2bddb93120a39a4185c55bf1f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7501D264F1AF0782EB48E754A87597062E1BF54740F840536C42FC36F8EE3CA195B31A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                  • String ID: ImmAssociateContext$imm32.dll
                                                                                                                                                                                                                                                                  • API String ID: 145871493-3574938153
                                                                                                                                                                                                                                                                  • Opcode ID: fe98563d1ba8e942816a05232ef5563ad7ca5d55643bbe0049e262ccc8f33408
                                                                                                                                                                                                                                                                  • Instruction ID: 4f790486309404c2b3823c0c7b6c2dd211d65d285a234475f88b5cf67280286d
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe98563d1ba8e942816a05232ef5563ad7ca5d55643bbe0049e262ccc8f33408
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1501DE64F1EE0792EB08EB55A87287062E17F58700F880135C43EC36F8EE3CA195A31A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                  • String ID: MonitorFromPoint$user32.dll
                                                                                                                                                                                                                                                                  • API String ID: 145871493-355800951
                                                                                                                                                                                                                                                                  • Opcode ID: 69a9d034160bfb4b7b2dda9558480edc0f208fdac75711de411995288723e243
                                                                                                                                                                                                                                                                  • Instruction ID: b26243d1495588d32e76432d2725d41d1578444ebcd99ef8c727ef65fcb5f6ce
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69a9d034160bfb4b7b2dda9558480edc0f208fdac75711de411995288723e243
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6012161F1AE0786EB09EB54A8B183022E16F58754F880135C42EC33F8EF3CA095A30B
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                  • String ID: GetMonitorInfoA$user32.dll
                                                                                                                                                                                                                                                                  • API String ID: 145871493-48335910
                                                                                                                                                                                                                                                                  • Opcode ID: a0b910bd160fc3a925ac3e4d7a53ab8d07dd0991f1bcbd37548f2548844f20b3
                                                                                                                                                                                                                                                                  • Instruction ID: 7c45ba25320e1dca3e09e5ec2e3783999320b557e2a8be67346d15b61b2a3c48
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0b910bd160fc3a925ac3e4d7a53ab8d07dd0991f1bcbd37548f2548844f20b3
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B011A60F1AE47C2EB08EB55A87183022E1AF58740F880535C42EC33F8EE3CA095B31B
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                  • String ID: UpdateLayeredWindow$user32.dll
                                                                                                                                                                                                                                                                  • API String ID: 145871493-1015952547
                                                                                                                                                                                                                                                                  • Opcode ID: c570a2c3ed5d5412b07cf3985b4669ffe1c97e48ea5008e42bfcdefc400b97e9
                                                                                                                                                                                                                                                                  • Instruction ID: 3887f158453eddcdcf6ef239752472858a6cf9e6d449d2ee6c5761bf49c58b36
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c570a2c3ed5d5412b07cf3985b4669ffe1c97e48ea5008e42bfcdefc400b97e9
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8601D264F1AE0782EB49E754A87583062E1AF55744F880535C52EC32F8DE3CA195B31B
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDF80B9DEE), ref: 00007FFDF80BD81B
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDF80B9DEE), ref: 00007FFDF80BD874
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                  • String ID: image/gif$image/jpeg$image/png
                                                                                                                                                                                                                                                                  • API String ID: 626452242-935766689
                                                                                                                                                                                                                                                                  • Opcode ID: 9cc17028c42862118155dc43acd0db6bdbdcac3a7282812f5d33d83bac332c89
                                                                                                                                                                                                                                                                  • Instruction ID: 7302715cf5d0906d633d2590d847e6a8983e6286c6787806286b85fe917585c6
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9cc17028c42862118155dc43acd0db6bdbdcac3a7282812f5d33d83bac332c89
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1916D32B09B4182EB18DF15E460A79A7A0FB88B94F484135DE6D837E8DF3CE445E709
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDF80B9D69), ref: 00007FFDF80BDBEB
                                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFDF80B9D69), ref: 00007FFDF80BDC44
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                  • String ID: image/gif$image/jpeg$image/png
                                                                                                                                                                                                                                                                  • API String ID: 626452242-935766689
                                                                                                                                                                                                                                                                  • Opcode ID: 62ef963f56addf63b0ad572dd74efa384a2342fee7c198afcae2e81a3cf91a59
                                                                                                                                                                                                                                                                  • Instruction ID: aaabbeaa0914d5da739e2335037d0f8abf619096d41789cbbc6be0882a32e273
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62ef963f56addf63b0ad572dd74efa384a2342fee7c198afcae2e81a3cf91a59
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF917472B09B4682EB58DF15E460979A7A0FB48B94F484135DE6D877E8CF3CE841E309
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalInitializeSection
                                                                                                                                                                                                                                                                  • String ID: Verdana$screen,desktop
                                                                                                                                                                                                                                                                  • API String ID: 32694325-708148380
                                                                                                                                                                                                                                                                  • Opcode ID: 7a04e97c8493faaadf5059fc3137564ca83cdeddde76767aa1ee2af0b0807a3f
                                                                                                                                                                                                                                                                  • Instruction ID: 907173da0a8923a8577c389d256edff9de8f275e02a3e12212ec14e3bcee0439
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a04e97c8493faaadf5059fc3137564ca83cdeddde76767aa1ee2af0b0807a3f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BDB12833B05B81AAE7088F25E9547A8B7A4F744B04F584229CB6C473A4DF38F4B5D309
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                  • Opcode ID: f2287139de77c65700ad5cde80b90152f187c23b8faaae1584fe0b6142e78def
                                                                                                                                                                                                                                                                  • Instruction ID: 006c8e9679a33b74f99da4230a1ceb9616a898c5493d2d1b02b86dde31270bb7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2287139de77c65700ad5cde80b90152f187c23b8faaae1584fe0b6142e78def
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3981C522D0CA46C6F7728B34A49827A67B0FF59364F048339EA9DA65D6DF3CE581C600
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateObjectSelect$CompatibleDeleteRectSectionWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 837537399-0
                                                                                                                                                                                                                                                                  • Opcode ID: afa21e5618685d0d6e9fe0da2980b5f47aa1a537750b51f5d152446d7b5e17f2
                                                                                                                                                                                                                                                                  • Instruction ID: a9215c0c8faccc160424ccbef178470a2947482a4c8e860a06e40d6f539464e8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: afa21e5618685d0d6e9fe0da2980b5f47aa1a537750b51f5d152446d7b5e17f2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09A18932B08B858AEB04DF64E8A06AD77B1FB88784F444136DA5D47BA8DF38E144DB45
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetObjectA.GDI32 ref: 00007FFDF80B9E77
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00007FFDF80B9EE4
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FFDF80B9F27
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81339D0: SelectObject.GDI32(?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8133A6E
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81339D0: GetStockObject.GDI32(?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8133A79
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81339D0: SelectObject.GDI32(?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8133A85
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81339D0: DeleteDC.GDI32(?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8133A8E
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00007FFDF80B9FC3
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FFDF80BA006
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF813EB20: GetObjectA.GDI32 ref: 00007FFDF813EB86
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8133820: CreateCompatibleDC.GDI32(?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF81338BE
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8133820: SelectObject.GDI32(?,?,?,?,?,?,00000000,?,?,00007FFDF80EF59E), ref: 00007FFDF81338CE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$CriticalSection$Select$EnterLeave$CompatibleCreateDeleteStock
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1060921341-0
                                                                                                                                                                                                                                                                  • Opcode ID: d86a5fe03e351adfea04f2fba82d996d3ec54d626f847caa3fee4eea85d28e0f
                                                                                                                                                                                                                                                                  • Instruction ID: 7a9aacfb8e4fe06c512e067130166218bf0c516fcb607d3e3a0d128010f03714
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d86a5fe03e351adfea04f2fba82d996d3ec54d626f847caa3fee4eea85d28e0f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00719032B19A8186EB24DF25E8606ED73A0FB88784F444132DA6E83BE8DF7CD544D744
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CreateFont$CapsDevice
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3852243758-0
                                                                                                                                                                                                                                                                  • Opcode ID: fef667f1f0ff38aafbe3c7ec677d5756e814da217307bf8d725fca0fa4c1a15d
                                                                                                                                                                                                                                                                  • Instruction ID: e77210515d89a2b180b4cf8c6fb8982df78b131597737e0babbcc6ae6d06dbc2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fef667f1f0ff38aafbe3c7ec677d5756e814da217307bf8d725fca0fa4c1a15d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55518D72A186C187E364CF15E850B6ABBA0F7D5784F145228EA9843BA8DF7CD1A0DF04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$Update$ClientCreateLongRectShowUnicode
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1151564984-0
                                                                                                                                                                                                                                                                  • Opcode ID: ce788e3527a842a98abeb14915603b62ea921c35310995a1a1e50c928c0bb581
                                                                                                                                                                                                                                                                  • Instruction ID: 4dfbe4c4945bfe338888b27befdb0d6145366710a000e256f563b77fb99b4d56
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce788e3527a842a98abeb14915603b62ea921c35310995a1a1e50c928c0bb581
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13414C72B08B459AEB04DF69E8606AC77A0FB88B98F444131DE5D17BA8DF3CD44AD704
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$CtrlMessageParentSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2382089286-0
                                                                                                                                                                                                                                                                  • Opcode ID: 0ceba806e5aaa3d51fe9f9091c47cc74dccd876c69adcd3a8b10a0554afccf19
                                                                                                                                                                                                                                                                  • Instruction ID: 77f80406df4eacaddd46304e5bbe9c53be78602cdcbc372f2cb5e4d23469fff9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ceba806e5aaa3d51fe9f9091c47cc74dccd876c69adcd3a8b10a0554afccf19
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30519C72608B81C6E710DF21E814BA977A4FB88B94F458136EA6D837A8DF3CD841D744
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,00007FF684C91B7D), ref: 00007FF684C98B5A
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684CA1760: EnterCriticalSection.KERNEL32 ref: 00007FF684CA17A6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684CA1760: GetProcessHeap.KERNEL32 ref: 00007FF684CA17E3
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684CA1760: HeapFree.KERNEL32 ref: 00007FF684CA186D
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684CA1760: LeaveCriticalSection.KERNEL32 ref: 00007FF684CA187F
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterHeap$FreeLeaveProcess
                                                                                                                                                                                                                                                                  • String ID: asw::settings::SettingsConfig::ProductPluginLoadFn$asw::settings::SettingsConfig::ProductPluginUnloadFn$asw::settings::SettingsConfig::StorePathDef$asw::settings::SettingsConfig::StorePathIni
                                                                                                                                                                                                                                                                  • API String ID: 459308956-613270485
                                                                                                                                                                                                                                                                  • Opcode ID: 4d0fd27694ed84d133b6e6118eeb4f15118fe49ae43ff6f81f1b805fd65e3f0a
                                                                                                                                                                                                                                                                  • Instruction ID: 19aee73867be14943fe502ccdc3de3d6a96ed8313897a67173ffb0702864636b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d0fd27694ed84d133b6e6118eeb4f15118fe49ae43ff6f81f1b805fd65e3f0a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0516D21A19A42D1EA20EB16E4841BA6774FFC4B84F04453AEA8EC77A6DF3CE945C350
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: NameName::$Name::operator+
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 826178784-0
                                                                                                                                                                                                                                                                  • Opcode ID: d411532e432acb1be624e800d313d9ca76b8cbad1268244e4cd1b43402f14982
                                                                                                                                                                                                                                                                  • Instruction ID: b86377b1ab499243f9717f83929b8e4c22558a7560ba6542c0cfa630f1e6cd58
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d411532e432acb1be624e800d313d9ca76b8cbad1268244e4cd1b43402f14982
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3415A22A09A56D4EB20CF31E8D42BC37B5BF18B94B95403ADA4D93795DF39E919C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetModuleHandleW.KERNEL32 ref: 00007FF684DFA852
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetClassInfoExW.USER32 ref: 00007FF684DFA863
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetLastError.KERNEL32 ref: 00007FF684DFA871
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: Sleep.KERNEL32 ref: 00007FF684DFA87E
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA897
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapAlloc.KERNEL32 ref: 00007FF684DFA8B2
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: InitializeCriticalSection.KERNEL32 ref: 00007FF684DFA8D4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA8DA
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA8F0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: RegisterClassExW.USER32 ref: 00007FF684DFA90F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapFree.KERNEL32 ref: 00007FF684DFA93A
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: DeleteCriticalSection.KERNEL32 ref: 00007FF684DFA953
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA959
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapFree.KERNEL32 ref: 00007FF684DFA975
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetLastError.KERNEL32 ref: 00007FF684DFA986
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00007FF684DE9B21
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00007FF684DE9B57
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32 ref: 00007FF684DE9BC4
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FF684DE9BD6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684C9AF70: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF684CAA1D4,?,?,?,?,?,?,00000000), ref: 00007FF684C9AF9F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E61318: _invalid_parameter_noinfo.LIBCMT ref: 00007FF684E6133D
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                  • String ID: asw::log::context::TlsIndex
                                                                                                                                                                                                                                                                  • API String ID: 1441953332-143919551
                                                                                                                                                                                                                                                                  • Opcode ID: 5ae336ffb0a4e91ae64152a86e185071b6150dc9cf8a153e73821bfd1ecf1507
                                                                                                                                                                                                                                                                  • Instruction ID: 0e28e53925eaadb5c25c706cfb499c8bf1fc2f52f76c68b6935f9ebc77edbd66
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ae336ffb0a4e91ae64152a86e185071b6150dc9cf8a153e73821bfd1ecf1507
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C316E22A09B42C6EA50DB56E8C416AB3A5FF98BC4F04453AEE8E83765DF3CE441C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$CtrlDestroyMessageParentSend
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2943902463-0
                                                                                                                                                                                                                                                                  • Opcode ID: fa1b026d3b9e797cad471d7b4637ab1a2ccae18ee2d3d70810bd7b92399d91e5
                                                                                                                                                                                                                                                                  • Instruction ID: ba36d1a337af345838d606323e882ff731ebac9dddf232777050408303dddcb1
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa1b026d3b9e797cad471d7b4637ab1a2ccae18ee2d3d70810bd7b92399d91e5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23318172708B8186EB18DF11E8A4969B3A4FB89BD0F584035DAAE477E8CF3CE444D705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                  • Opcode ID: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                                                                                                                  • Instruction ID: 5a3b084eef70f6133aeb4ce1bd41f2d280686fa6baec3e58213303f9cf8fa29a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b279a170408d618237bddf6b9ec99c878b24dd9d163caff4e822d6b1485b2f82
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E119323F08A0217F7A431A8F5B1B7550E56F94370F1EC634E97E86AFE9F1C9940610A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FFDF8374B03,?,?,00000000,00007FFDF8374D9E,?,?,?,?,?,00007FFDF8374D2A), ref: 00007FFDF837C6A3
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF8374B03,?,?,00000000,00007FFDF8374D9E,?,?,?,?,?,00007FFDF8374D2A), ref: 00007FFDF837C6C2
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF8374B03,?,?,00000000,00007FFDF8374D9E,?,?,?,?,?,00007FFDF8374D2A), ref: 00007FFDF837C6EA
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF8374B03,?,?,00000000,00007FFDF8374D9E,?,?,?,?,?,00007FFDF8374D2A), ref: 00007FFDF837C6FB
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FFDF8374B03,?,?,00000000,00007FFDF8374D9E,?,?,?,?,?,00007FFDF8374D2A), ref: 00007FFDF837C70C
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                  • Opcode ID: 5eeacc26e579396f6ae48ed08c69bedabe61fbc5bad702b5ff84f2ec60230988
                                                                                                                                                                                                                                                                  • Instruction ID: 919696c001a6f3cdbf1d79da07d49cc7470a156e61929a8c067562524980d4aa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eeacc26e579396f6ae48ed08c69bedabe61fbc5bad702b5ff84f2ec60230988
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0114A20F0D24243FB587725B9B197D61D24F84BE0F9C5734E83E866EEDE2CE442660A
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF684E617D3,?,?,00000000,00007FF684E61A6E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF684E619FA), ref: 00007FF684E7265F
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF684E617D3,?,?,00000000,00007FF684E61A6E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF684E619FA), ref: 00007FF684E7267E
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF684E617D3,?,?,00000000,00007FF684E61A6E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF684E619FA), ref: 00007FF684E726A6
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF684E617D3,?,?,00000000,00007FF684E61A6E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF684E619FA), ref: 00007FF684E726B7
                                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF684E617D3,?,?,00000000,00007FF684E61A6E,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF684E619FA), ref: 00007FF684E726C8
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                  • Opcode ID: d5eb2c031e6a9c673e6e9c7a18d1df5c65bd0921079e00d43284a60686d605b2
                                                                                                                                                                                                                                                                  • Instruction ID: 1ac314b114bafb0b7db97f7e5afa3c131c2a7b429c5bcbc589b22e66195081d7
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5eb2c031e6a9c673e6e9c7a18d1df5c65bd0921079e00d43284a60686d605b2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA114C20E0C243C2FA989765AAD917A21A17F853F0E14873EE93EC77D7DE2CE951C600
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast$CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1177325624-0
                                                                                                                                                                                                                                                                  • Opcode ID: f41f36e08775ac2d93d6ce81b72050a246663f8f912a12436b27bc2980ea8876
                                                                                                                                                                                                                                                                  • Instruction ID: 98e499227d441b4d279fa248452eef08ae5ce9ab2ab319894b253bee40b9e043
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f41f36e08775ac2d93d6ce81b72050a246663f8f912a12436b27bc2980ea8876
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C112E31A08642C6E7509B65F99562AB7A4FFC47E4F505239EA9E83BA4DF3CD450CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Window$DestroyParentUpdate
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3315813950-0
                                                                                                                                                                                                                                                                  • Opcode ID: bf11204a2cf3a1ce988ed661cb049afdcf5986fcedd6fa06baecaf9154038257
                                                                                                                                                                                                                                                                  • Instruction ID: 60d104bd5e922f662d795281c30de544929916caca5b76fa3864b65135d94719
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf11204a2cf3a1ce988ed661cb049afdcf5986fcedd6fa06baecaf9154038257
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC014F65F09B4682EF08AF12A56453923E0FF89B80B484030DD6E877A8EF3CD495A609
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                                                                  • API String ID: 2775327233-1405518554
                                                                                                                                                                                                                                                                  • Opcode ID: fe937c76ade38d5d06511770f7ce2b077ceb5163f242dfb62e5da12b8faff4d7
                                                                                                                                                                                                                                                                  • Instruction ID: ffd4323666f9815ac56ec95a41366ffb58b2a2b87db3306af60333d9a39e44e4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe937c76ade38d5d06511770f7ce2b077ceb5163f242dfb62e5da12b8faff4d7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17415972A0AB41CAEB24DFA1E4D42AC23B8FF44788F04443ADF4DA7A59DE38D525D354
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: EnvironmentErrorLastVariable
                                                                                                                                                                                                                                                                  • String ID: -$Unable to retrieve environment variable '{}'!
                                                                                                                                                                                                                                                                  • API String ID: 3114522214-584169599
                                                                                                                                                                                                                                                                  • Opcode ID: be26311538b01c755f89e3d1d3fee1b897889f1ebc2ddbf6ee98763c43e8ea6b
                                                                                                                                                                                                                                                                  • Instruction ID: 16a261b8eb106875f6ad3c211e7d5827c1164b26f18e20287349ed307938b662
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be26311538b01c755f89e3d1d3fee1b897889f1ebc2ddbf6ee98763c43e8ea6b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E316D32A18B85C2E710DB21E4983AAB3A4FF887C4F504139EA8D83B55DF3CE595CB40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FFDF8356E1B
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: DebugDebuggerErrorLastOutputPresentString
                                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                  • API String ID: 389471666-631824599
                                                                                                                                                                                                                                                                  • Opcode ID: c7a5b931e320c613622e774ec9a284f95befe919061ece926cb0586053756653
                                                                                                                                                                                                                                                                  • Instruction ID: 04943149be08898eb34dbfb03423f2c4ab56a7cdbf54126100b55f07b338fc4f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c7a5b931e320c613622e774ec9a284f95befe919061ece926cb0586053756653
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB119D32B14B4293E748AB22DA207B932E1FB04354F484035CA2D87AA8EF3CF064D709
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: GetThreadDescription$Kernel32.dll
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-415897907
                                                                                                                                                                                                                                                                  • Opcode ID: 5117a3e866f99692c5432abdee979b35444db74b06aefd3435f8fb85fbbc3595
                                                                                                                                                                                                                                                                  • Instruction ID: 3d421bd81d4a35daa4e789615c9df628899aae447334ececc18c9d33dc359ee8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5117a3e866f99692c5432abdee979b35444db74b06aefd3435f8fb85fbbc3595
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DE04224E5AB12D1EE459B45F8C527522B4BFDDB60F80157DC84EC2364FF6CA56AC700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: Kernel32.dll$SetThreadDescription
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-1724334159
                                                                                                                                                                                                                                                                  • Opcode ID: 5dc8d72536a4368b783a44c40a0ad04f083bbe84be18d15f4b7638c6e7b272eb
                                                                                                                                                                                                                                                                  • Instruction ID: b8f497f375f757243cff11e90cd3aff337a8cfa24650b7bab546a4ef037a1d1b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5dc8d72536a4368b783a44c40a0ad04f083bbe84be18d15f4b7638c6e7b272eb
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7E0E224E5AB02C1EA049B89E8C523422A4BFDCB20F80003CC80E82320EE6CA5AAC300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: RtlDllShutdownInProgress$ntdll.dll
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-582119455
                                                                                                                                                                                                                                                                  • Opcode ID: 0cfaeb0a7ff3e779b2544cc257014b44472d339485341a8b267694f7e3cb2176
                                                                                                                                                                                                                                                                  • Instruction ID: ab799852c9754252b021007101dc1ab34e36e898e7a2e642a59ffd850306df26
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cfaeb0a7ff3e779b2544cc257014b44472d339485341a8b267694f7e3cb2176
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BD0C924E0AA02D2E604AF45ECC81747260BFC8750F81063DC40EC2320EF2CA99AC300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: RtlDllShutdownInProgress$ntdll.dll
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-582119455
                                                                                                                                                                                                                                                                  • Opcode ID: 7d1fa2e4a57329d410bb3f13259c7d52b97bdbd53645ac4915a0734a5fbfd021
                                                                                                                                                                                                                                                                  • Instruction ID: 3296bc0c1a9e8aef7095e9b250b34af4ca585d7426eeb3712d38dec6fe92b199
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d1fa2e4a57329d410bb3f13259c7d52b97bdbd53645ac4915a0734a5fbfd021
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AD0C924E0AA42D2E604AB45ECC41747360BFC8750FC0013DC40E82320EF2CA99AC300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                                  • String ID: *;base64$data$file
                                                                                                                                                                                                                                                                  • API String ID: 1452528299-513602561
                                                                                                                                                                                                                                                                  • Opcode ID: 377bb96313274986306b0a3ff6426ea9699fc03e737b6b1ff134255d35fb615f
                                                                                                                                                                                                                                                                  • Instruction ID: 41f9267c6ddae6bbf16060063ea513d897226161c16a29660d77c9715201d199
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 377bb96313274986306b0a3ff6426ea9699fc03e737b6b1ff134255d35fb615f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52027D33B19B8182EB50DF10E4A09AA63A1FB84788F044135EE5D43BE9DF78E454E709
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2718003287-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FFDF837D9B8), ref: 00007FFDF837DB3B
                                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FFDF837D9B8), ref: 00007FFDF837DBC5
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 73155330-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeaveUpdateWindow
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 419760226-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$View$CloseCreateHandle$FlushMappingPointerSizeUnmap
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3155271917-0
                                                                                                                                                                                                                                                                  • Opcode ID: 766dced5fde18a53e513a3d2714d44603fb6d387733c43097d60ae33b963fba2
                                                                                                                                                                                                                                                                  • Instruction ID: 36590d39066d4b4d5e613b0a0144a4154354abc4cbb5c7f8f5f864b7e450b267
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 766dced5fde18a53e513a3d2714d44603fb6d387733c43097d60ae33b963fba2
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3031E1B2B05B5586E724DF24E464B6C33A0E784BA8F188234CA6D477D8CF3CE856E300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBAD0: InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF684C972F1,?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684DEBB11
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBAD0: DeleteCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF684C972F1,?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684DEBB2A
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DEBAD0: EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF684C972F1,?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684DEBB87
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684C97310
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FF684C97351
                                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(?,?,?,?,00000000,00000008,?,00007FF684C9E4A5), ref: 00007FF684C97385
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FF684C9739F
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Leave$CloseCreateDeleteEnterEventHandleInitialize
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3435541109-0
                                                                                                                                                                                                                                                                  • Opcode ID: 9f6b81f9f49034b1cd15912d3e2b3f5b7753f7d50d6e60a834bedb9a52c366fd
                                                                                                                                                                                                                                                                  • Instruction ID: b20ff86c542cf0f9eefa0a0d07c2a39c817e856b2556e958fad20fe6b14348d2
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f6b81f9f49034b1cd15912d3e2b3f5b7753f7d50d6e60a834bedb9a52c366fd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E31B232A19B81C2E7208F20E494379B7A4FFC8798F084539EA8D87A95DF3CE491C700
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8131E70: GetStockObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131EA5
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8131E70: SelectObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131EB2
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8131E70: DeleteObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131EC0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8131E70: GetStockObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131ECB
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8131E70: SelectObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131ED8
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8131E70: DeleteObject.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131EE6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8131E70: RestoreDC.GDI32(?,?,?,00007FFDF8133A01,?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8131F17
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8133A6E
                                                                                                                                                                                                                                                                  • GetStockObject.GDI32(?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8133A79
                                                                                                                                                                                                                                                                  • SelectObject.GDI32(?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8133A85
                                                                                                                                                                                                                                                                  • DeleteDC.GDI32(?,?,?,?,?,?,00000000,00007FFDF80EF5ED), ref: 00007FFDF8133A8E
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Object$Select$DeleteStock$Restore
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1104070528-0
                                                                                                                                                                                                                                                                  • Opcode ID: 169e6997262693d51f6c91a7e7944431bef4d0fa5a52395bc94de3ff481a0b20
                                                                                                                                                                                                                                                                  • Instruction ID: 69e95fb8b41eaeda2b5b05c44681154542adab7b005845b847e86adab8092e00
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 169e6997262693d51f6c91a7e7944431bef4d0fa5a52395bc94de3ff481a0b20
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9221287AB09B8682DB08DB12E86466973A4FB89FD4F084032DE5E577A8CF3CD045D745
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508224736.00007FF684FD1000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508252992.00007FF684FD2000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685022000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685027000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508358486.00007FF68502C000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2793162063-0
                                                                                                                                                                                                                                                                  • Opcode ID: 244745c17877ecc77a36fb6513cd60ea0fcf648e17026c4b458af686d9f60069
                                                                                                                                                                                                                                                                  • Instruction ID: 93373439e9c3b1593f7e3aa0770f469fdbf1c53e6ed5d6669ddadb6cd9fc3a8f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 244745c17877ecc77a36fb6513cd60ea0fcf648e17026c4b458af686d9f60069
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1110836919681C6E730CF21E4897AAB3A4FF88B85F005229DA9D87758EF3CD645CB40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: File$Attributes$DeleteSleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3341637309-0
                                                                                                                                                                                                                                                                  • Opcode ID: c102666145b868bb3223bac7765f40a3efb43ca477195d0a9a0191fc825a3e78
                                                                                                                                                                                                                                                                  • Instruction ID: 267e6c0b41a3425ee9ae45fdca0d94e2a16ea6de03cb77a8dc381b97de0a2c53
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c102666145b868bb3223bac7765f40a3efb43ca477195d0a9a0191fc825a3e78
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9811A321A08582C1EB54CF29E4C4179A3A1FF94B9CF544739DA6F866D9CF3CE845C740
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3473537107-0
                                                                                                                                                                                                                                                                  • Opcode ID: e15c9f133b7b604955dbcc2f1b1702a26ffbdd3715efe7df973d7b6ba4b63b38
                                                                                                                                                                                                                                                                  • Instruction ID: b4a2d9ac34596754d3a12f38d0a8005d5ce939724f3d8de5f5a57ffc3e977046
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e15c9f133b7b604955dbcc2f1b1702a26ffbdd3715efe7df973d7b6ba4b63b38
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA010C71B0AB4281EB149B0AF86446963A0EF89BD4F499035DA6D4B7ACEF3CD490A705
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8169C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169C95
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8169C70: LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169CD6
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8169C70: EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169CE8
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8169C70: LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169D1C
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8169C70: SetEvent.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169D34
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF8169C70: Sleep.KERNEL32(?,?,?,?,?,00007FFDF8169E39,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169D3F
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FFDF8169E47,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169D9A
                                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00007FFDF8169E47,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169DAA
                                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?,00007FFDF8169E47,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169DB4
                                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?,00007FFDF8169E47,?,?,?,?,?,00007FFDF81565A0), ref: 00007FFDF8169DBE
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$CloseDeleteEnterHandleLeave$EventSleep
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 466394505-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6c91f359a65cff02480ddf6adbf3c623b61f5d6339468b833ee91256196738aa
                                                                                                                                                                                                                                                                  • Instruction ID: 2c2daf44356f054c68e2f1f14464f09803ba5d7348d5759ec0b682760ddd5a8b
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c91f359a65cff02480ddf6adbf3c623b61f5d6339468b833ee91256196738aa
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B113022B1994283EB04EF25E5A463923A0FF84F94F184231DA6E872EDDF3DE445D345
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                  • Opcode ID: 3311d8900f50d74eed5f0bd0bd167658aa9ceff4b26735e670f77e0f6c0eccac
                                                                                                                                                                                                                                                                  • Instruction ID: 55fc57f28794349bde41aac7d4e27fcedd1f8d214fe875162bdd3b45461e91ff
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3311d8900f50d74eed5f0bd0bd167658aa9ceff4b26735e670f77e0f6c0eccac
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E113022B14F018AEB00DF60E8646B833A4F759768F480E35DA7D877A8EF7CE1949345
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                  • Opcode ID: 1a71555d3ac75d1b5b29c508cce9c43e83cb3c577c55058c65f55adaec4114c7
                                                                                                                                                                                                                                                                  • Instruction ID: 14f2de0d2438d5189f8400d6644f187443884406ac6e66edb6ebe301f8038426
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a71555d3ac75d1b5b29c508cce9c43e83cb3c577c55058c65f55adaec4114c7
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7111C26B14F01C9EB008B64E8992B833A4FB59798F440A39EA6D86BA4DF7CD154C340
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CapsDeviceRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 127614599-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CapsDeviceRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 127614599-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CapsDeviceRelease
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 127614599-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AllocCurrentHookThreadValueWindows
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 4130353779-0
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF684CB3ADB
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E49460: MultiByteToWideChar.KERNEL32 ref: 00007FF684E4947C
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E49460: GetLastError.KERNEL32 ref: 00007FF684E4948A
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508252992.00007FF684FD2000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685022000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508296267.00007FF685027000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  • Associated: 00000007.00000002.3508358486.00007FF68502C000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ByteCharErrorLastMultiWide__std_fs_convert_narrow_to_wide
                                                                                                                                                                                                                                                                  • String ID: \u{$\x{
                                                                                                                                                                                                                                                                  • API String ID: 1033888727-3325273574
                                                                                                                                                                                                                                                                  • Opcode ID: 809e52fbce8e94e2fd56dda3eb3427eb0d3c4673802b34b408061996db12673b
                                                                                                                                                                                                                                                                  • Instruction ID: 337f07db911a70b74c2071411d024113ae131690419227664cdec728d1d0e429
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 809e52fbce8e94e2fd56dda3eb3427eb0d3c4673802b34b408061996db12673b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72F12B66A08B89C1DB158F2AD59022D7B75FB84F88F449437CE9E473A8CF38D866C350
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _set_statfp
                                                                                                                                                                                                                                                                  • String ID: !$acos
                                                                                                                                                                                                                                                                  • API String ID: 1156100317-2870037509
                                                                                                                                                                                                                                                                  • Opcode ID: 31be59d681f5875a1ea6259157b6e7771ad8ef8f1f89de3d94bc0a52fbaf5065
                                                                                                                                                                                                                                                                  • Instruction ID: 4a075c4387d883a236c47ce1d6ef408781352a1ecd6baf8f5721a29dccf7cd38
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31be59d681f5875a1ea6259157b6e7771ad8ef8f1f89de3d94bc0a52fbaf5065
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA612921E1CF458AE7238B3594706369359AF663D5F158333E96E71AF8CF2CE042A609
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AttributesFile
                                                                                                                                                                                                                                                                  • String ID: {}\{}{:016x}.{}
                                                                                                                                                                                                                                                                  • API String ID: 3188754299-3450286142
                                                                                                                                                                                                                                                                  • Opcode ID: 2911f7890d37736a94a44eb4c2f84950d19dcf31205bc55ad938dcb0d63bfe6b
                                                                                                                                                                                                                                                                  • Instruction ID: 7939d1446150f62c1a75fb398f83d4ab6ef202b26db0b4870d16af4d529bc389
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2911f7890d37736a94a44eb4c2f84950d19dcf31205bc55ad938dcb0d63bfe6b
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D8514732A14B45C9E7508F29E8803AD73B5FB49B58F10463ADE8DA3758EF38D595C380
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                                                                  • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                                  • Opcode ID: 3e4dc0de5496bb7f6f60efda645c781ac199ee03f67e19b995998c2c02a26386
                                                                                                                                                                                                                                                                  • Instruction ID: 12e5d05a8e79d99f6a8a41ba3f5c5369b95915c722cba8d0af9ec183ed2658b5
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e4dc0de5496bb7f6f60efda645c781ac199ee03f67e19b995998c2c02a26386
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0941F232B1CA8192EB20AF65F854BA967A0FB88794F844131EE4D877ACEF3CD001D745
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Stretch$BitsMode
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 661349847-3916222277
                                                                                                                                                                                                                                                                  • Opcode ID: 9b1eb78e76d1ac4674e8c6f43bbfd5daa24e139bcbec7c6476823f2e816c384f
                                                                                                                                                                                                                                                                  • Instruction ID: fea85f778b36f42cc1dee11d19cd2cdbcf0e3226dec9682e3fa012a613bfd7c8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b1eb78e76d1ac4674e8c6f43bbfd5daa24e139bcbec7c6476823f2e816c384f
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC315C73608A848BD715CF26E454A19B7A4F748BD4F658125EF9D43B28DF38D846CB00
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _set_errno_from_matherr
                                                                                                                                                                                                                                                                  • String ID: exp
                                                                                                                                                                                                                                                                  • API String ID: 1187470696-113136155
                                                                                                                                                                                                                                                                  • Opcode ID: 44dbc578716fbac1c533c87bfb39c0ef4c580c8e31fae3529fc31812d7173091
                                                                                                                                                                                                                                                                  • Instruction ID: f4de1cfa841c703ec45bd922e52554735b56879f431eabe796e7cdd2f02d3427
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44dbc578716fbac1c533c87bfb39c0ef4c580c8e31fae3529fc31812d7173091
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E213336E19A55CEEB90CF78D4842AC33B0FF48358B40453AEA0D92B4AEF38E440CB40
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID: Negative width.$Number is too big.
                                                                                                                                                                                                                                                                  • API String ID: 3668304517-1861685508
                                                                                                                                                                                                                                                                  • Opcode ID: 7bd07b5eccc1329f156ea8c071d2a0358385e527aad461eb1319b04b588604e8
                                                                                                                                                                                                                                                                  • Instruction ID: 45201cd004c770bcca3b8ff4fee1ebc826bdd14c83bfd33fb944c185a82830bc
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7bd07b5eccc1329f156ea8c071d2a0358385e527aad461eb1319b04b588604e8
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 091154E2D08207DFF645BB64C4950B821747FA0354F654C3AD358936C7ED2D6D51C640
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                  • String ID: Negative width.$Number is too big.
                                                                                                                                                                                                                                                                  • API String ID: 3668304517-1861685508
                                                                                                                                                                                                                                                                  • Opcode ID: e1d6b30f7944a1ac4984f6983089539d2072ca0afee551bd582940e79c6e3d2a
                                                                                                                                                                                                                                                                  • Instruction ID: 9c3e0342fadfd1b3f476abc2a6b9fbea5cf505584926f0210abcc4672f0c0cbb
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1d6b30f7944a1ac4984f6983089539d2072ca0afee551bd582940e79c6e3d2a
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A0125E2D0820BEFF249BB64C4950B921747FA0354F624C3AD358D39C3EE1D6D51C250
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDF81CBB2F), ref: 00007FFDF8358580
                                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FFDF81CBB2F), ref: 00007FFDF83585C1
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                  • Opcode ID: 33d794527ea33cd3a38fa723c04cbc8dfab6a1452d2c543ff12ab3a9dd5318ca
                                                                                                                                                                                                                                                                  • Instruction ID: 7df5649e50e0bae1a340913107a47fa7c6332c92a74c318e57e8957397f0d77a
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33d794527ea33cd3a38fa723c04cbc8dfab6a1452d2c543ff12ab3a9dd5318ca
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91115B32718B4182EB659F15E41066A77E0FB88B94F184630DF9C4BBA8DF3CD551CB04
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                  • String ID: GetLayeredWindowAttributes
                                                                                                                                                                                                                                                                  • API String ID: 3013587201-2043642294
                                                                                                                                                                                                                                                                  • Opcode ID: 59af1b8a7a66b1cc024bc8ff406001f10c387c2e99cf1d6b3eaad134a9fc14e5
                                                                                                                                                                                                                                                                  • Instruction ID: 5746cc6556f90017466e0e99c29f089c9092ac45c3c4a8d729dae772516812f4
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59af1b8a7a66b1cc024bc8ff406001f10c387c2e99cf1d6b3eaad134a9fc14e5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6F0FF60F1AF4782EB08A764A9B183122E17F54740F840536C42EC36F8DE3DA192A71B
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: asw_process_storage_deallocate_connector
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-2412585098
                                                                                                                                                                                                                                                                  • Opcode ID: c4904a1d661f34ce7bf7fb1091902149370f4d093c8fe0d8049141bd8b727eb6
                                                                                                                                                                                                                                                                  • Instruction ID: 1cd41c932b44fd85e65815006ff98316a6cc4fe7356310a4b5382ce664dfbdb3
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4904a1d661f34ce7bf7fb1091902149370f4d093c8fe0d8049141bd8b727eb6
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5D01228F06A02C1E6496725ECC91386264BFC8791F90153DC40FC2320DE2CA595C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: asw_process_storage_deallocate_connector
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-2412585098
                                                                                                                                                                                                                                                                  • Opcode ID: 3018f2c42f9e25589326e1f9cee47b04a66c4d3dd75728fea171755971e20def
                                                                                                                                                                                                                                                                  • Instruction ID: 3e363c6da953889b76a5e0d37b85654252e1387658274261f7b5658065b27127
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3018f2c42f9e25589326e1f9cee47b04a66c4d3dd75728fea171755971e20def
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31D01228F05A02C1D6496B25EC891387264BFC8791F80153DC40FC2320DF2C9556C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: asw_process_storage_allocate_connector
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-1936732423
                                                                                                                                                                                                                                                                  • Opcode ID: 4cde390bed373a02219460c863a0d707832ace016cd7337d857a0d13a726623d
                                                                                                                                                                                                                                                                  • Instruction ID: 3891fa2a4d86ccfb4a1125d5380dec5191da15019da5c68e5ec86d621ee502f8
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cde390bed373a02219460c863a0d707832ace016cd7337d857a0d13a726623d
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68D01234F05A42C1D6086B15EC8913832607F88751F80153DC80FC2324DF2C9555C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                  • String ID: asw_process_storage_allocate_connector
                                                                                                                                                                                                                                                                  • API String ID: 1646373207-1936732423
                                                                                                                                                                                                                                                                  • Opcode ID: bddf03f05db5bf1f2295faf40668240c51f5cf75a6778015398a54d3ba80e799
                                                                                                                                                                                                                                                                  • Instruction ID: f710623316c763a5161450b2781bda3533caaecf0e8449983f074dce30bbdeb9
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bddf03f05db5bf1f2295faf40668240c51f5cf75a6778015398a54d3ba80e799
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 54D01234F06A42C1D6086715ECC913822607F88751F90153DC80FC2324DE2CA555C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00007FFDF819EB80
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FFDF819EC02
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00007FFDF819EC0D
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FFDF819EC23
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF819E5B0: GetVersionExA.KERNEL32 ref: 00007FFDF819E666
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF819E5B0: GetVersionExA.KERNEL32 ref: 00007FFDF819E681
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81CB730: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF819EB3B), ref: 00007FFDF81CB75B
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81CB730: InitializeCriticalSection.KERNEL32(?,?,?,?,?,00007FFDF819EB3B), ref: 00007FFDF81CB765
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81CB730: CreateEventA.KERNEL32(?,?,?,?,?,00007FFDF819EB3B), ref: 00007FFDF81CB775
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81CB730: CreateThread.KERNEL32(?,?,?,?,?,00007FFDF819EB3B), ref: 00007FFDF81CB79C
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81CB730: CreateThread.KERNEL32(?,?,?,?,?,00007FFDF819EB3B), ref: 00007FFDF81CB7E4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81CB730: CreateThread.KERNEL32(?,?,?,?,?,00007FFDF819EB3B), ref: 00007FFDF81CB82C
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FFDF81CB730: CreateThread.KERNEL32(?,?,?,?,?,00007FFDF819EB3B), ref: 00007FFDF81CB874
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Create$Thread$EnterInitializeLeaveVersion$Event
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1428177548-0
                                                                                                                                                                                                                                                                  • Opcode ID: 65fabc98668ba1631a572e9c572512547e7929f4190ccd30efe1f85db9ed1bfd
                                                                                                                                                                                                                                                                  • Instruction ID: f00652ba09a5e9c6857aac666c68e4b30058d89ecd5ffae919b95aace01dcd04
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65fabc98668ba1631a572e9c572512547e7929f4190ccd30efe1f85db9ed1bfd
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED416C33E09B8186D714DF21E8A056977B0FB98B54B094235EB9E83BA4DF78E4E1D304
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3508421703.00007FFDF80B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDF80B0000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ffdf80b0000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Enter$Leave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2801635615-0
                                                                                                                                                                                                                                                                  • Opcode ID: 57029fdb9ff6c1cfddeaea254d89c1cf8e019d183a8cd77ae9b9e216a0b5b1a4
                                                                                                                                                                                                                                                                  • Instruction ID: 60e609e5764ed5f62b369b95043ac982f242e09bea3a3b2edc226ba876f6666f
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57029fdb9ff6c1cfddeaea254d89c1cf8e019d183a8cd77ae9b9e216a0b5b1a4
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A31ACB6B0560287EB68DB19E96496977A0EB48BD0F844031CF5D837E4CF38E896E701
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetModuleHandleW.KERNEL32 ref: 00007FF684DFA852
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetClassInfoExW.USER32 ref: 00007FF684DFA863
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetLastError.KERNEL32 ref: 00007FF684DFA871
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: Sleep.KERNEL32 ref: 00007FF684DFA87E
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA897
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapAlloc.KERNEL32 ref: 00007FF684DFA8B2
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: InitializeCriticalSection.KERNEL32 ref: 00007FF684DFA8D4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA8DA
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA8F0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: RegisterClassExW.USER32 ref: 00007FF684DFA90F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapFree.KERNEL32 ref: 00007FF684DFA93A
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: DeleteCriticalSection.KERNEL32 ref: 00007FF684DFA953
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA959
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapFree.KERNEL32 ref: 00007FF684DFA975
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetLastError.KERNEL32 ref: 00007FF684DFA986
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00007FF684CA17A6
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00007FF684CA17E3
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32 ref: 00007FF684CA186D
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FF684CA187F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684C9AF70: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF684CAA1D4,?,?,?,?,?,?,00000000), ref: 00007FF684C9AF9F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E61318: _invalid_parameter_noinfo.LIBCMT ref: 00007FF684E6133D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1441953332-0
                                                                                                                                                                                                                                                                  • Opcode ID: db53254fb5677c16b5077442e10ba5c190c6863e13045877f15d4e7ad99a0c1e
                                                                                                                                                                                                                                                                  • Instruction ID: 23bf4da2398f51dbd42316238f751803f2269f6de9be865cebcdc9ecde8388fa
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db53254fb5677c16b5077442e10ba5c190c6863e13045877f15d4e7ad99a0c1e
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E31B062A08B41C1EA10DB56F888569B3B9FF99BC0F16513AEE9E83715DF3DE481C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                  • Opcode ID: 6372e71e2edd9afbd0eae549d8dae9e9a080560acd2f415b211a4e39a77431c5
                                                                                                                                                                                                                                                                  • Instruction ID: adf8fb666c730c54c4d62c6e3605f31f28a931d451be824730cf46f932756398
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6372e71e2edd9afbd0eae549d8dae9e9a080560acd2f415b211a4e39a77431c5
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D41E932B09A42E9EB10DF60D4912EC2375FF5474CF85043AEA0EA7A9ADF39D559C350
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetModuleHandleW.KERNEL32 ref: 00007FF684DFA852
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetClassInfoExW.USER32 ref: 00007FF684DFA863
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetLastError.KERNEL32 ref: 00007FF684DFA871
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: Sleep.KERNEL32 ref: 00007FF684DFA87E
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA897
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapAlloc.KERNEL32 ref: 00007FF684DFA8B2
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: InitializeCriticalSection.KERNEL32 ref: 00007FF684DFA8D4
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA8DA
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA8F0
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: RegisterClassExW.USER32 ref: 00007FF684DFA90F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapFree.KERNEL32 ref: 00007FF684DFA93A
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: DeleteCriticalSection.KERNEL32 ref: 00007FF684DFA953
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetProcessHeap.KERNEL32 ref: 00007FF684DFA959
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: HeapFree.KERNEL32 ref: 00007FF684DFA975
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684DFA7E0: GetLastError.KERNEL32 ref: 00007FF684DFA986
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32 ref: 00007FF684CA1673
                                                                                                                                                                                                                                                                  • GetProcessHeap.KERNEL32 ref: 00007FF684CA16A5
                                                                                                                                                                                                                                                                  • HeapFree.KERNEL32 ref: 00007FF684CA1712
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32 ref: 00007FF684CA1724
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684C9AF70: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF684CAA1D4,?,?,?,?,?,?,00000000), ref: 00007FF684C9AF9F
                                                                                                                                                                                                                                                                    • Part of subcall function 00007FF684E61318: _invalid_parameter_noinfo.LIBCMT ref: 00007FF684E6133D
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: Heap$Process$CriticalSection$Free$AllocClassErrorLast$DeleteEnterHandleInfoInitializeLeaveModuleRegisterSleep_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 1441953332-0
                                                                                                                                                                                                                                                                  • Opcode ID: 825ba16cc609086413fad098d6c8158c0f77f9fc95d98a474b16b1087edd1f14
                                                                                                                                                                                                                                                                  • Instruction ID: bb4548f282896f5a697c0291f2e85b98e37a184b180dc425448f415fed54f07c
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 825ba16cc609086413fad098d6c8158c0f77f9fc95d98a474b16b1087edd1f14
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED319072A19B41C5EB50DB56E888569B3B9FF89BC0B19503AEE9E83755DF3CE841C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF684D0BD59), ref: 00007FF684CD2E74
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FF684D0BD59), ref: 00007FF684CD2E84
                                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FF684D0BD59), ref: 00007FF684CD2EFC
                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                  • Source File: 00000007.00000002.3507633304.00007FF684C91000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF684C90000, based on PE: true
                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_7ff684c90000_instup.jbxd
                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                  • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                  • API String ID: 2978645861-0
                                                                                                                                                                                                                                                                  • Opcode ID: 50c2c71fe0541e78d2491bccc275f6e62d8fe3db30d2ed1de8ca2838d8a80932
                                                                                                                                                                                                                                                                  • Instruction ID: 70c619fae06dfbd2c31eb7091c5ed233a50c5919d8208c563a42f5457d043384
                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50c2c71fe0541e78d2491bccc275f6e62d8fe3db30d2ed1de8ca2838d8a80932
                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D312162A48B45D6EB19CB15E58432977B4FF85B84F48453ACB5E43BA0CF7DE5A4C300
                                                                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                                                                  Uniqueness Score: -1.00%